The Biden administration’s proposed cybersecurity budget for 2025 would increase spending by over $1 billion, but it is presently queued up behind the ongoing unresolved debate over 2024’s spending.
If the cybersecurity budget were to be accepted, it would increase spending from $11.8 billion to $13 billion. The current spending number is a temporary compromise that had to come down from an initial request for $12.7 billion, however, and there is little reason to believe that 2025’s budget struggle will be different from 2024’s.
Cybersecurity budget attempts to address defensive holes
Among other things, CISA has recently pointed out that it does not have the manpower to respond to a mass attack on multiple operational technology systems and that it is being badly outpaced by the sheer number of Chinese state-sponsored hackers.
The cybersecurity budget also has a heavy focus on improving the state of critical infrastructure defenses, something that has been in the news repeatedly as of late. Health care organizations have had particular difficulties as they (and their stores of valuable personal data) have become a top target for profit-seeking criminal hackers.
CISA stands to gain quite a bit if the cybersecurity budget is taken up, but it is far from the only beneficiary. The DOJ, DHS and Energy Department among others would see new funding to create or support programs that bolster defenses.
Federal agency money would focus on resilience, AI training
CISA’s budget would go up to $3 billion, an increase of $103 million. Among other things, this money would go to a program meant to create a centralized threat intelligence database to be shared by both state and local governments and private entities alike. CISA also needs additional funding for its longtime Continuous Diagnostics and Mitigation (CDM) program, which is gradually making cybersecurity improvements across federal agencies with a current focus on mobile device and cloud security.
The budget also addresses the need for CISA to develop a unified incident reporting standard for its 16 designated critical infrastructure sectors, which are now mostly operating under a patchwork of fairly recent executive orders. The DOJ would get money to open a new office in its National Security Division that would do nothing but track cyber threats. And the Energy Department would get money for AI testing to develop security and resilience measures for its share of critical infrastructure.
Zero trust programs would also continue to be rolled out in multiple federal agencies, something the Biden administration has shown a keen interest in implementing. But all of this will hinge on what Congress opts to do. At present, legislators have their hands full trying to resolve the 2024 budget. Negotiations continue as a March 22 shutdown looms, though this date could be extended by vote once again. Given the overall spending amount would be slightly increased from the total that Republicans opposed in this year’s original cybersecurity budget, and a generally lukewarm-at-best sentiment toward CISA on that side of the aisle, there will likely be more arguing and cuts within the next year’s time.