Funding targeted for the cybersecurity accounts within the Cybersecurity and Infrastructure Security Agency (CISA) would see the slightest uptick if Congress approves the fiscal year 2022 budget as proposed for the agency but the proposed increase registers less than a percent.
Overall, the Department of Homeland Security is seeking $2.1 billion for CISA in FY ’22, $110 million more than Congress provided in FY ’21, with just over half the increase going towards cybersecurity rather than infrastructure security.
The budget proposes $1.28 billion for CISA’s cybersecurity work versus $1.22 billion in the current fiscal year. This proposal is on top of $650 million that Congress recently provided to CISA as part of an economic stimulus package, the American Rescue Plan Act of 2021, that is targeted at cybersecurity.
Congress may have been expecting more for CISA’s cyber efforts in the budget request, part of a $52.2 billion overall discretionary request by the Biden administration for DHS, an amount that is also essentially flat versus FY ’21. The administration released the request last Friday.
Sen. Maggie Hassan (D-N.H.), a member of the Senate Homeland Security and Governmental Affairs Committee, said on Friday that “I am concerned that a flat DHS budget will not provide enough resources to address growing cybersecurity, border security and vetting, and violent extremism threats facing the United States.”
In a letter to Shalanda Young, acting director of the White House Office of Management and Budget, Hassan said “Even as federal agencies work to recover and bolster their defenses following the recent SolarWinds and Microsoft Exchange cyber-attacks, news reports today indicate that federal agency systems have once again been targeted by foreign adversaries trying to implant software code that may give the hackers broad access to agency and organization computer systems.”
For CISA’s cybersecurity account, DHS is proposing $407.6 million for the EINSTEIN perimeter security systems of systems and $325.4 million for the Continuous Diagnostics and Mitigation (CDM) program, which provide federal civilian agencies with more situational awareness of their networks and tools to protect those networks.
For EINSTEIN, the funding request is 4 percent more than enacted in FY ’21. The increase is within the operations and support portion of the program while DHS is seeking a slight cut in the acquisition component to EINSTEIN.
CISA officials have said that the sophisticated SolarWinds [SWI] software supply chain hack by Russian agents bypassed EINSTEIN altogether and found its way into federal networks through routine updates to software. For these types of attacks, the official said there needs to be more emphasis on the CDM program.
The proposed funding for CDM is a scant $4 million more than Congress provided in FY ’21, although a significant portion of the $650 million in stimulus funding provided to CISA will be spent on CDM. DHS would cut operations and support funding for CDM versus FY ’21 and offset those decreases with increased procurement of program tools, according to budget documents.
The budget proposal also includes $20 million for a new Cyber Response and Recovery Fund, which CISA would use to help critical infrastructures respond to significant cyber incidents. There is strong bipartisan support for the new fund.