White House allocates $9.8B to cybersecurity in 2022 budget request
Just over two months after receiving roughly $2 billion in emergency funding for tech and cybersecurity modernization, the Biden administration wants more money from Congress to build on those investments.
The White House has asked for $500 million to be added to the federal government’s Technology Modernization Fund and $9.8 billion to go specifically toward civilian cybersecurity programs across the government — up from about $8.7 billion for fiscal 2021 — according to its fiscal 2022 budget request released Friday.
Under the passage of the American Rescue Plan in March, the TMF received a $1 billion injection, which the TMF Board has since said it will prioritize for the most pressing modernization and cybersecurity needs across government.
The TMF is a central pot of appropriations intended to fund modernization projects under the stipulation that participating agencies pay back the funding within a set time, typically five years. However, the board recently introduced new repayment flexibilities for higher priority projects to encourage agencies to apply for funding.
“With the continuously evolving IT and cyber landscape, these investments are an important down payment on delivering modern and secure services to the American public, and continued investment in IT will be necessary to ensure the United States meets the accelerated pace of modernization,” says the administration’s budget proposal.
Rep. Gerry Connolly, D-Va., a top advocate in Congress for federal IT modernization, told FedScoop in an emailed statement he is happy to see the call for additional support through the TMF. Connolly was a co-author of the Modernizing Government Technology (MGT) Act, which was signed into law in late 2017 and created the TMF.
“I am pleased to see that the Biden Administration continues to recognize the importance of investing in the federal government’s IT and cyber infrastructure through the Technology Modernization Fund,” Connolly said. “The MGT Act established the TMF with two significant goals in mind: to improve information technology and enhance cybersecurity across the federal government. Those goals are essential to the success of the government, both now and in the future.”
Appropriators, however, gave been hesitant in the past to fork over money to the nascent TMF program until it’s a proven, successful model. And with $1 billion already sitting in the fund, appropriators may want to see some evidence that that emergency funding is spent meaningfully before handing over an additional $500 million, said Matthew Cornelius, executive director of the Alliance for Digital Innovation.
“There’s this weird dynamic where there’s still an incredible amount of political support from the administration, both from the previous as well as this one, on the TMF,” Cornelius told FedScoop. “But there’s also a real need to change that operating model that was sort of instituted three or four years ago in order to get that $1 billion out and to then make the case for why the additional $500 million is needed.”
To date, the TMF program has “awarded ten initiatives a total of approximately $79.4 million,” the budget document says. Until the American Rescue Act, only $175 million had been put into the fund over four appropriation cycles.
Ultimately, it will come down to House Appropriations Subcommittee on Financial Services and General Government to prioritize its 2022 allocations toward the TMF, Cornelius said. So, the agencies in charge of TMF administration — the Office of Management and Budget and the General Services Administration — should work over the next few months to make good headway awarding some of that $1 billion, he said.
“If OMB and GSA get their act together, really push forward quickly on high priority projects where they spend a good chunk of that billion that they’ve been given here over the next four to five months as they continue to make their case to the appropriators, there’s an opportunity for them to get more money in there,” Cornelius said.
Cybersecurity would see a solid boost
Of the greater $9.8 billion proposed for civilian cybersecurity, $110 million would go to support the Cybersecurity and Infrastructure Security Agency‘s federalwide cybersecurity efforts and $750 million to agencies affected by recent cyberattacks, like the sweeping SolarWinds hacks, “to address exigent gaps in security capability,” the proposal says. CISA got $650 million in emergency funding under the American Rescue Plan.
“These resources would better enable Federal agencies to protect technology and safeguard citizen’s sensitive information from the threats posed by cybercriminals and adversaries,” the budget proposal says. “Agencies will continue to improve cybersecurity practices, implement supply chain risk management programs, develop coordinated vulnerability disclosure programs, and improve cyber threat intelligence analysis.”
Just Thursday night, it was revealed that the U.S. Agency for International Development was the latest federal agency to be hit by a cyberattack, reportedly by the same Russian hackers responsible for the SolarWinds breach, according to Microsoft.
Additionally, the budget proposes setting aside $15 million to support the launch of the White House’s Office of the National Cyber Director position.
Despite the uptick in money requested for cybersecurity, what the budget proposal doesn’t seem to account for is the new mandates from the Biden administration’s recent cybersecurity executive order, Cornelius said.
“Because of the timing from the budget and the EO, there’s really not money in the budget to implement any of that stuff,” he said. Outside of the additional $860 million combined that would go to CISA and to address recent hacks, most of the additional cybersecurity request increase is for “plus ups…independent of the additional activity they’re going to have to take on as part of the EO,” Cornelius pointed out.
These elements fall under a larger federal-wide civilian IT proposed budget of $58.4 billion for 2022, up from the $57.1 billion estimated for this current fiscal year.
These figures do not include the Department of Defense’s IT budget, which is released separately. As context, DOD requested $38 billion for IT in fiscal 2021.
The budget proposal mentions a number of other IT initiatives the administration looks to support, such as IT workforce development, the Federal Data Strategy and the U.S. Digital Service, but it doesn’t explicitly provide information on their funding. USDS got $200 million under the American Rescue Plan, multiplying several times over what the organization has received in funding so far during its short life.