President Joe Biden’s fiscal 2022 budget blueprint released Friday proposes $750 million for the federal government to respond to “lessons learned” from the SolarWinds supply chain hack that compromised nine agencies.
In all, the budget proposes $9.8 billion in federal civilian cybersecurity funding, a 14% increase from the spending levels allocated for the current fiscal year, according to a summary. That number doesn’t take into account Defense Department funding requests, for which the unclassified total for cyberspace is $10.8 billion. That represents just a portion of DOD funding, too, given the classified nature of many Pentagon cyber functions.
“Cybersecurity is a top priority for this Administration, and recent events, such as the SolarWinds cyber incident, have shown that adversaries continue to target Federal systems,” one budget document reads.
The blueprint also requests $15 million for the recently-created national cyber director office in the White House, and $20 million for a new Cyber Response and Recovery Fund — both reflections of Cyberspace Solarium Commission recommendations. It also includes a $110 million requested increase for the Department of Homeland Security’s $2 billion Cybersecurity and Infrastructure Security Agency, as previously signaled.
The White House request would require congressional approval, making the blueprint more of a wishlist than what’s certain to become reality. With his party controlling Congress, the Democratic president has a better chance of getting what he wants than if Republican lawmakers held a majority on Capitol Hill.
The assorted budget documents are short on specifics about which SolarWinds lessons the $750 million would directly answer. But it’s another Biden administration commitment to addressing the federal government security shortcomings those compromises exposed, following closely on the heels of an executive order signed earlier this month.
“Cybersecurity budgetary priorities will continue to seek to reduce the risk and impact of cyber incidents (e.g. SolarWinds), based on data-driven, risk-based assessments of the threat environment and the current Federal cybersecurity posture,” according to a budget document.
An initiative to replace aging federal information technology called the Technology Modernization Fund would get $500 million under the Biden budget plan on top of the $1 billion already dedicated under the American Rescue Plan, in part to “bolster cybersecurity defenses following the SolarWinds incident.”
Other fiscal 2022 cyber investment priorities, according to budget documents, include the federal cybersecurity workforce; the DHS Continuous Diagnostics and Mitigation program for defending federal agencies; supply chain risk management; and coordinated vulnerability disclosure programs that enlist ethical hackers to test agency defenses.
“The Budget also fully supports the Department of Defense (DOD) cyber efforts, which include safeguarding DOD’s networks, information, and systems; supporting military commander objectives; and defending the nation against cyber threats,” a budget document states.
Update, 5/28/21: Now includes the DOD funding request.