The House Appropriations Committee has proposed a budget of $2.4 billion for the Cybersecurity Infrastructure and Security Agency (CISA) for fiscal 2022, a bump of roughly $400 million more than last year and just shy of $300 million over its request earlier this year.
The CISA serves as a critical communications pipeline for MSSPs, MSPs and cybersecurity professionals who need to track, manage and mitigate vulnerabilities, cyberattacks and more.
U.S. lawmakers have growing interest in boosting the CISA's capabilities. The reason: A series of destructive cyber attacks, including the SolarWinds Orion hack, the Colonial Pipeline ransomware incident, the Microsoft Exchange attack and a cyber hijack on meat producer JBS has spooked lawmakers that not enough funding has been allocated to fortify the nation’s cyber defenses.
“As recent events like the Colonial Pipeline hack have demonstrated, it is obvious that we must do more to secure our nation’s cyber infrastructure,” Committee Chairwoman Rosa DeLauro (D-CT) said. “That’s why this bill’s investments in preventing cyber attacks and rooting out cyber intrusions are so critical.”
The supplemental $400 million would be directed towards securing critical infrastructure facilities, incident response, risk management and other security related issues. CISA’s budget increase is packaged in the $53 billion requested in fiscal 2022 discretionary funding for its umbrella agency the Department of Homeland Security (DHS), $934 more than for fiscal 2021.
Legislative proposals to boost CISA’s discretionary funding have come from a number of corners following President Biden’s $1.52 trillion FY 2022 budget request sent to Congress in mid-April. More than $2 billion in discretionary funding allocated to CISA is line-itemed in the proposed allocation, which amounted to a $110 million increase from the 2021 enacted level. Additional provisions in the FY 2022 discretionary budget proposal include:
- $20 million for a Cyber Response and Recovery Fund.
- $500 million for the Technology Modernization Fund.
- $750 million for IT enhancements to federal agencies.
- $128 million to expand scientific and technological research at the National Institute of Standards and Technology.
CISA received $650 million in the March coronavirus relief package.
Biden’s proposed CISA budget has been followed in quick succession by a number of legislative calls for more. In May, Reps. Jim Langevin (D-RI) and Mike Gallagher (R-WI) lobbied the Committee to allocate at least $400 million more to CISA’s FY 2022 budget in the wake of the SolarWinds and Microsoft Exchange Server attacks. That was followed by a budget proposal submitted by Rep. John Katko (R-NY), the ranking member of the House Homeland Security Committee, to bump CISA’s funding 25 percent to some $2.5 billion for FY 2022. In March, Katko said he “could easily see” Congress giving CISA a $5 billion budget “in the coming years.”
In June, Senators Chuck Schumer (D-NY) and Kirsten Gillibrand (D-NY) called for a $500 million increase in funding for CISA in the wake of a network breach of New York’s Metropolitan Transit Authority (MTA). The senators said the extra CISA funding could help keep hackers from breaching public computer systems, including the MTA.
Cybersecurity takes a backseat in President Biden’s proposed $2.25 trillion infrastructure package with no money allocated to defend the country from cyber attacks on critical infrastructure targets.