Security Experts:

Connect with us

Hi, what are you looking for?


Cybersecurity Funding

White House Proposes $10.9 Billion Budget for Cybersecurity

White House cybersecurity budget plan for FY 2023

White House cybersecurity budget plan for FY 2023

The White House on Monday unveiled President Joe Biden’s $5.8 trillion budget plan for fiscal year 2023, and cybersecurity appears to be a key priority, with a significant increase in spending compared to the previous year.

The president’s budget request includes roughly $10.9 billion for civilian cybersecurity-related activities, which represents an 11% increase compared to 2022.

A large chunk of that amount — specifically $2.5 billion — has been allocated to the DHS’s Cybersecurity and Infrastructure Security Agency (CISA). That is nearly $500 million more than in the previous year.

The funding should help improve the protection of federal infrastructure and service delivery against sophisticated cyber threats, including to “maintain critical cybersecurity capabilities implemented in the American Rescue Plan; expand network protection throughout the Federal executive Branch; and bolster support capabilities, such as cloud business applications, enhanced analytics, and stakeholder engagement.”

The budget should also help the Office of the National Cyber Director improve “national coordination in the face of escalating cyber attacks on Government and critical infrastructure.” In addition, funding has been allocated to improving the safety and security of elections, and creating public-private partnerships.

Much of the funding is dedicated to goals outlined in the cybersecurity executive order signed by President Biden in May 2021. Some of the initiatives described in the executive order were announced earlier this year, including one related to boosting the cybersecurity of National Security Systems, a federal zero trust strategy, and a cyber safety review board.

The proposal to increase the FY 2023 budget for cybersecurity comes roughly one week after the president urged U.S. companies to strengthen the security of their systems due to the increasing threat from Russia. Biden said the government had learned that Moscow may be planning a significant cyberattack.

The funding proposal also includes $215 million (an increase of $197 million) to protect sensitive agency systems and information, an additional $10 million to “build and strengthen the national cybersecurity workforce pipeline,” and an additional $36 million for ICT supply chain security.

The budget plan names several government organizations that will receive funding to improve cybersecurity, including the Coast Guard, the Federal Aviation Administration, the Treasury Department, the Department of Justice, and the Department of Veterans Affairs.

The White House also wants to give Ukraine $682 million to “counter Russian malign influence and to meet emerging needs related to security, energy, cybersecurity issues, disinformation, macroeconomic stabilization, and civil society resilience.”

Industry professionals applaud the increased spending in cyber.

“The FY2023 budget proposal clearly demonstrates cybersecurity continues to be a top priority for the federal government,” said Mariano Nunez, CEO at Onapsis. “Repeated warnings from CISA and the Biden Administration on the Russian cyber threat over the last few weeks have heightened the state of alertness for U.S. agencies and businesses across industries, which are expecting ‘tit-for-tat’ cyber attacks from Russia in response to the economic sanctions.

“Additional funding for cybersecurity within the federal government is extremely important in this new era of interconnected risk, especially between business applications and critical operational technology infrastructure. Prioritizing the modernization of aging technology stacks will be essential to mitigate rising cybersecurity vulnerabilities, and ensure the security of the Nation’s most critical systems and applications from malicious cyber campaigns,” Nunez added.

On the other hand, Mike Wiacek, founder and CEO of Stairwell, cautioned, “You can’t just throw dollars in the form of off-the-shelf defenses against sophisticated attackers. Organizations protecting critical infrastructure need to move beyond the basics, to the point where they can rapidly consume and share threat intelligence in order to move faster than the attackers.”

Related: U.S. Gov Issues Stark Warning, Calling Firmware Security a ‘Single Point of Failure’

Related: Lawmakers Introduce Combined Bill for Strengthening Critical Infrastructure Security

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...