While federal IT infrastructure lags private sector upgrades, President Joe Biden's fiscal year 2022 budget proposal aims to change that.
The budget, which awaits congressional scrutiny before approval, invests heavily in modernization to improve federal cybersecurity and services. Increases in spending for the Technology Modernization Fund (TMF), Cybersecurity and Infrastructure Security Agency (CISA) and other IT efforts center around lessons learned from recent attacks and years of IT disruption.
Biden's $6 trillion budget allocates $58.4 billion toward IT, including $9.8 billion for cybersecurity, at civilian agencies in FY22. The funds will be used to "deliver critical citizen services, keep sensitive data and systems secure, and further the vision of digital Government," an Office of Management and Budget (OMB) analysis of the budget reads.
Repeated concerns about legacy, insecure government IT date back decades. Inspector general reports across agencies regularly outline problematic tech infrastructure, recently calling out 50-year-old technology riddled with security and support concerns.
A $500 million boost to TMF in the fund — which recently received an unprecedented $1 billion from Biden's American Rescue Plan — will fund government IT modernization proposals from agencies. The funding vehicle allows federal agencies to borrow cash upfront to invest in digital services, cross-government collaboration and modern technology, which are paid back with cost-savings from modernization.
"Federal agencies’ ongoing efforts to modernize their IT will enhance mission effectiveness and reduce mission risks through a series of complementary initiatives that will drive sustained change in Federal technology, deployment, security, and service delivery," the OMB analysis states.
The budget recognizes IT improvements can't happen without a federal workforce to support it. Biden's budget "proposes to identify and address critical skills gaps across the IT and cybersecurity workforce" by investing in recruitment, retention and training programs.
SolarWinds 'lessons learned' shape cybersecurity strategy
Biden's inaugural budget proposal increased cybersecurity spending at civilian agencies by $1.2 billion, including investments "to respond to lessons learned from the SolarWinds incident," the budget reads.
The budget also establishes a Cyber Response and Recovery Fund, allocating $20 million, to "improve national critical infrastructure cybersecurity response." The fund was proposed by the Cyberspace Solarium Commission to better assist infrastructure response to cyber incidents, gaining increased attention following the attack against an Oldsmar, Florida water treatment facility and the more recent Colonial Pipeline disruption.
"The systemically important critical infrastructure entities, and their most vital systems and assets, are pressure points in our grid, and targets for both nation state adversaries and criminal actors," said Sen. Angus King, I-Maine, and Rep. Michael Gallagher, R-Wis., CSC co-chairs, in a joint statement following the Colonial Pipeline incident.
On top of a $110 million increase for CISA, the Biden budget proposes $750 million for agencies affected by recent cyberattacks. SolarWinds stands out as a major attack sparking federal action in recent months but phishing and attacks on critical infrastructure have left agencies vulnerable, too.
"Agencies will continue to improve cybersecurity practices, implement supply chain risk management programs, develop coordinated vulnerability disclosure programs, and improve cyber threat intelligence analysis," the budget states.
The budget also allocates $15 million to support the Office of the National Cyber Director established by the National Defense Authorization Act. Chris Inglis will be the first in the national cyber director role, tasked with contingency planning and coordinating public and private sector cyber response.