CISA Needs More Money, Lawmakers Tell House Appropriations Committee
Two Congressional lawmakers are urging the House Appropriations Committee to allocate at least $400 million more to the Cybersecurity and Infrastructure Security Agency‘s (CISA) budget for FY 2022, a new report said.
Reps. Jim Langevin (D-RI) and Mike Gallagher (R-WI), in a letter to the Committee praised CISA’s response to the massive SolarWinds Orion attack tied to Russian-backed cyber operatives and the vast Microsoft Exchange Server infiltration carried out by the China-sponsored Hafnium hacking crew, as the lawmakers lobbied for a fatter funding package for the agency.
“As part of the U.S. government response to both, CISA played a central role, providing cyber defenders in its sister agencies and critical infrastructure providers across the country with timely and reliable information on the threat and indicators of compromise,” Langevin and Gallagher wrote in the letter provided to The Hill. “Meanwhile, CISA continues to provide services to the rest of the U.S. government to identify threats and harden federal networks against future attacks, to the extent that their resources allow.”
The Congressional members said that the nation-state cyber conflagration moves CISA from the wings to center stage to “build meaningful security in federal networks and national resilience to significant cyber incidents.” Langevin, the co-chair of the Congressional Cybersecurity Caucus, and Gallagher, who co-chairs the Cyberspace Solarium Commission, said that failing to increase CISA’s budget would amount to an “exercise in limiting damage to existing programs while triaging new responsibilities, and CISA would fall far short of the strong and effective cybersecurity agency the U.S. badly needs.”
More than $2 billion in discretionary funding allocated to CISA is line-itemed in President Biden’s FY 2022 proposed budget request sent to Congress. The $1.52 trillion budget outline, which in actuality serves only as a White House wish list, includes $52 billion for the Department of Homeland Security (DHS), CISA’s umbrella agency. The CISA discretionary request amounts to a $110 million increase from the 2021 enacted level. Additional provisions in the FY 2022 discretionary budget proposal include $20 million for a Cyber Response and Recovery Fund, $500 million for the Technology Modernization Fund, $750 million for IT enhancements to federal agencies and $128 million to expand scientific and technological research at the National Institute of Standards and Technology.
While welcoming the additional funding for CISA, Langevin called for more. “While I believe the $110 million increase for CISA is a good start, I think we can be even bolder in our vision for the nation’s premiere cybersecurity agency,” he said.
The fiscal $740 billion 2021 National Defense Authorization Act (NDAA) approved last December created the new national cybersecurity director position within the White House responsible for coordinating federal cybersecurity policies. The NDAA became law on January 1, 2021. The cyber czar position maps to the standalone National Cyber Director Act introduced in July, 2020 by Langevin and Gallagher.
Cybersecurity takes a backseat in President Biden’s proposed $2.25 trillion infrastructure package, which is unlikely to garner bipartisan support, with no money allocated to defend the country from cyber attacks on critical infrastructure targets. Biden reportedly will soon issue an executive order said to include about a dozen actions to improve federal cybersecurity.
The White House and some legislators are steadily moving cybersecurity to the list of top priorities. While dozens of cybersecurity bills have languished in the Senate for a number of years, some are being reintroduced and new roles are being created. Two weeks ago, Biden said he would nominate Chris Inglis, a 28-year veteran of the National Security Agency, to be the first national cyber director, and tap Jen Easterly, a key figure in the U.S. Cyber Command, to head a new CISA bureau inside the Department of Homeland Security. The bipartisan Cyber Diplomacy Act, introduced in late April by Rep. Michael McCaul (R-TX), ranking member of the House Foreign Affairs Committee and co-sponsored by Langevin and Gallagher, would establish a Bureau of International Cyberspace Policy, the head of which would have the rank and status of ambassador as appointed by the President and affirmed by the Senate.