After months of marking up a dozen spending bills, legislators have finalized the cybersecurity budget for the fiscal year 2023. The collective set of bills allocates $15.6 billion for cybersecurity spending in federal departments and agencies. As part of the administration’s efforts to strengthen defenses against cyberattacks, the bulk of the budget ($11.2 billion) will go to the Department of Defense (DoD).
Almost two years after the SolarWinds hack, the government continues to invest more resources to secure the perimeter around its information networks. The approved budget also allocates almost $3 billion to the Cybersecurity and Infrastructure Security Agency (CISA), which is notably $417 million more than President Joe Biden requested.
How Government Cybersecurity Investment Will Help the Nation
In May 2021, President Biden issued an executive order that urges all federal agencies to implement higher cybersecurity standards and improve their threat posture. The additional funds going to CISA aim to help the administration achieve the goals as set out in the executive order.
Additionally, the requested budget gave specific goals for improving the government’s federal Information Technology (IT) systems. Some of the key goals included:
- Delivering critical public services while protecting sensitive data and systems
- Implementing federal laws to guide technology planning, oversight, funding, and accountability practices
- Empowering the Office of Management and Budget (OMB) to provide agencies with guidance on the strategic use of IT for improved mission outcomes
Some goals seek to address the primary challenges facing the government’s cybersecurity posture. The budget seeks to support IT system modernization, migration to cost-effective and secure cloud solutions, recruiting and reskilling the cybersecurity workforce, and reducing cybersecurity risks throughout the federal enterprise.
With the White House and legislators on the same page when it comes to the nation’s information security, let’s look at what this cybersecurity investment means for the future.
What Does the Increase in Cybersecurity Investment Mean for Agencies
The U.S. government is ramping up efforts to secure the nation’s critical infrastructure and improve its cybersecurity posture. Legislators are pushing for more public and private partnerships as well as improved collaboration between the DoD and CISA. The House appropriators want the Defense secretary to provide supplementary support to CISA for cases that involve intrusions from Russia or China.
Cybersecurity Challenges Facing Government Agencies
Among the DoD’s arsenal are the U.S. Cyber Command and the National Security Agency (NSA), which have the most cybersecurity resources in government. Cyber Command currently operates 133 Cyber Mission Forces, with plans to add five more teams in 2023. However, there is a coordination failure of responsibilities between these agencies, White House departments, and DoD officials.
The main challenges are:
- It remains unclear which cybersecurity-related offices and agencies are responsible for what activities
- The White House’s Office of the Secretary of Defense has six senior officials with a variety of responsibilities for cybersecurity
- Each of the services departments has its own cyber establishment, making coordination exceptionally difficult
Legislators requested the Defense secretary to detail the responsibilities using an organizational chart to gain a better understanding of the roles, duties, and responsibilities of each cybersecurity team and official.
Some noteworthy cybersecurity budget appropriations for public agencies included:
- Treasury Department’s Cybersecurity Enhancement Account – $135 million
- The Office of the National Cyber Director – $22 million
- The federal judiciary – $128 million
- The Energy Department’s Office of Cybersecurity, Energy, Security, and Emergency Response – $205 million
- The Justice Department’s Justice Information Sharing Technology Program – $75 million with another $31 million to strengthen DOJ cybersecurity
There are also increased allocations for the FBI, the National Science Foundation, and the National Institute of Standards and Technology (NIST). The NIST is currently researching and developing national standards for post-quantum cryptography. As today’s encryption techniques may become vulnerable to a quantum computer of sufficient processing power, the research aims to protect classical computer systems from a post-quantum computing world.
How the Increased Spending Affects the Private Sector
In March, The President launched action plans for public-private partnerships. These plans call on some of the nation’s top allies including G7 countries to improve cooperation and provide the public sector with tools and resources as is evident in the CISA’s Shields-Up campaign.
For cybersecurity companies, this opens up a new round of opportunities to work with government agencies and private companies to shore up protection for critical infrastructure. With most of the Nation’s critical infrastructure such as telecommunications, energy, and water services operated by the private sector, efficient and effective collaboration between cybersecurity agencies and private sector companies will be essential for an improved threat posture.
How Wickr Can Reduce the Risk Landscape for Private Organizations and Public Agencies
Wickr is an End-to-End Encryption (E2EE) communications platform with perfect forward secrecy and post-compromise security. The zero-trust platform design is DoD compliant, allowing organizations that require secure collaboration to interact safely and securely across any network. Wickr also continues to research and develop safer encryption algorithms that can protect data in a post-quantum world.
As the government gears up its cybersecurity defenses with increased spending across all agencies, schedule a demo from Wickr to see how we can help.