Security Experts:

White House Proposes $10.9 Billion Budget for Cybersecurity

White House cybersecurity budget plan for FY 2023

The White House on Monday unveiled President Joe Biden’s $5.8 trillion budget plan for fiscal year 2023, and cybersecurity appears to be a key priority, with a significant increase in spending compared to the previous year.

The president’s budget request includes roughly $10.9 billion for civilian cybersecurity-related activities, which represents an 11% increase compared to 2022.

A large chunk of that amount — specifically $2.5 billion — has been allocated to the DHS’s Cybersecurity and Infrastructure Security Agency (CISA). That is nearly $500 million more than in the previous year.

The funding should help improve the protection of federal infrastructure and service delivery against sophisticated cyber threats, including to “maintain critical cybersecurity capabilities implemented in the American Rescue Plan; expand network protection throughout the Federal executive Branch; and bolster support capabilities, such as cloud business applications, enhanced analytics, and stakeholder engagement.”

The budget should also help the Office of the National Cyber Director improve “national coordination in the face of escalating cyber attacks on Government and critical infrastructure.” In addition, funding has been allocated to improving the safety and security of elections, and creating public-private partnerships.

Much of the funding is dedicated to goals outlined in the cybersecurity executive order signed by President Biden in May 2021. Some of the initiatives described in the executive order were announced earlier this year, including one related to boosting the cybersecurity of National Security Systems, a federal zero trust strategy, and a cyber safety review board.

The proposal to increase the FY 2023 budget for cybersecurity comes roughly one week after the president urged U.S. companies to strengthen the security of their systems due to the increasing threat from Russia. Biden said the government had learned that Moscow may be planning a significant cyberattack.

The funding proposal also includes $215 million (an increase of $197 million) to protect sensitive agency systems and information, an additional $10 million to “build and strengthen the national cybersecurity workforce pipeline,” and an additional $36 million for ICT supply chain security.

The budget plan names several government organizations that will receive funding to improve cybersecurity, including the Coast Guard, the Federal Aviation Administration, the Treasury Department, the Department of Justice, and the Department of Veterans Affairs.

The White House also wants to give Ukraine $682 million to “counter Russian malign influence and to meet emerging needs related to security, energy, cybersecurity issues, disinformation, macroeconomic stabilization, and civil society resilience.”

Industry professionals applaud the increased spending in cyber.

“The FY2023 budget proposal clearly demonstrates cybersecurity continues to be a top priority for the federal government,” said Mariano Nunez, CEO at Onapsis. “Repeated warnings from CISA and the Biden Administration on the Russian cyber threat over the last few weeks have heightened the state of alertness for U.S. agencies and businesses across industries, which are expecting 'tit-for-tat' cyber attacks from Russia in response to the economic sanctions.

“Additional funding for cybersecurity within the federal government is extremely important in this new era of interconnected risk, especially between business applications and critical operational technology infrastructure. Prioritizing the modernization of aging technology stacks will be essential to mitigate rising cybersecurity vulnerabilities, and ensure the security of the Nation's most critical systems and applications from malicious cyber campaigns,” Nunez added.

On the other hand, Mike Wiacek, founder and CEO of Stairwell, cautioned, “You can’t just throw dollars in the form of off-the-shelf defenses against sophisticated attackers. Organizations protecting critical infrastructure need to move beyond the basics, to the point where they can rapidly consume and share threat intelligence in order to move faster than the attackers.”

Related: U.S. Gov Issues Stark Warning, Calling Firmware Security a 'Single Point of Failure'

Related: Lawmakers Introduce Combined Bill for Strengthening Critical Infrastructure Security

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.