CISA Funding Boosts Cybersecurity Ops, Infrastructure Security
The House Homeland Security appropriations subcommittee has approved a budget of $2.9 billion for the Cybersecurity and Infrastructure Security Agency (CISA), an increase of $334 million above the FY 2022 enacted level and $417 million above the request.
The CISA is a particularly important organization for MSSPs and MSPs. Indeed, the government agency spends considerable time tracking supply chain cyberattacks and other threats that specifically target service providers.
CISA Budget: Where Cybersecurity Fits In
The new CISA budget includes the following:
- $235.4 million for cybersecurity.
- $46.1 million for infrastructure security.
- $22.5 million for emergency communications.
- $41.2 million for integrated operations.
- $41.6 million for risk management operations.
- $16.2 million for stakeholder engagement and requirements.
- $14.1 million for mission support activities.
“Among the biggest threats to our national security is the threat of cyberattacks and intrusions,” said Chairwoman Rosa DeLauro (D-CT). “As our world moves increasingly online and threats to our democracy grow, this bill responds by protecting our critical cyber infrastructure and communications systems with dramatically increased funding,” she added.
“[The bill] provides significant new resources to improve the nation’s ability to prevent and respond to cyberattacks and threats to critical infrastructure…,” said Homeland Security Appropriations Subcommittee Chairwoman Lucille Roybal-Allard (D-CA).
CISA Budget Grows As Cyberthreats Rise
CISA’s funding has steadily increased over the last few years as legislators have begun to act on cyber threats posed by adversaries. For example, CISA received a $568 million windfall from last year’s funding level in the $1.5 trillion omnibus spending bill to underwrite the government through the fiscal year ended September 30, 2022. The legislation had an overall $2.6 billion budget for CISA. The measure also included provisions that require businesses in U.S. networks and critical infrastructure sectors to report to CISA evidence of possible hacking activity within 72 hours and ransom payments within 24 hours.