Biden's budget proposal boosts CISA funding to $3b

US President Joe Biden has asked Congress to approve an extra $103 million in funding for the Cybersecurity and Infrastructure Security Agency, bringing CISA's total budget to $3 billion.

Biden proposed his $7.3 trillion spending plan for fiscal year 2025 on Monday, which in addition to boosting CISA's funding, it also provides $13 billion to improve cybersecurity across government departments and agencies.

While it's unlikely to pass guaranteed to go nowhere in the Republican-controlled House of Representatives, it's a good indication of the president's priorities as he seeks re-election for a second term.

"To protect against foreign adversaries and safeguard Federal systems, the Budget bolsters cybersecurity by ensuring every agency is increasing the security of public services," according to the proposal [PDF].

This includes an additional $25 million for the Justice Department's cyber intelligence and analysis capabilities, and $5 billion to expand a new section within DOJ that will focus on cyber threats to national security. 

There's also $2 million to support the DOJ's implementation of Executive Order 14110, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.

On CISA and Biden's wishlist for America's top cybersecurity agency: this $3 billion proposed budget marks a $103 million increase over the 2023 enacted funding level. It includes $470 million to deploy networking tools, including endpoint detection and response, across federal networks. It also earmarks $394 million for CISA's internal cybersecurity and analytical capabilities.

CISA would also be able to put $41 million toward critical infrastructure security coordination, and $116 million to implement the Cyber Incident Reporting for Critical Infrastructure Act. Biden signed  CIRCIA into law in 2022, and CISA is expected to issue a notice of proposed rulemaking later this month, which will detail how the 16 US critical infrastructure sectors will be required to report ransomware and other cybersecurity incidents to CISA.

The additional CISA funding is significant because Republicans have repeatedly attempted to gut the agency's budget. We will probably see and hear more of this from Republican presidential candidate Donald Trump, who continues to blame the agency — and a vast conspiracy by Democrats — for his loss at the polls in 2020, despite all evidence to the contrary.

Cybersecurity funding for health care

Biden's budget proposal also invests about $1.5 billion in healthcare cybersecurity at a time when hospitals, pharmacies and medical offices across the country are struggling to recover from the Change Healthcare ransomware infection, which disrupted prescription orders, insurance payments and patient care at thousands of facilities.

"Cyber attacks on the healthcare system disrupt patient care and put patient safety at risk, and the healthcare system continues to be a target for cyber criminals," the proposed spending plan warns, noting a 95 percent increase in large data breaches reported to the US Department of Health and Human Services (HHS) from 2018 to 2022. This figure includes ransomware attacks.

Biden also wants to allocate $800 million to HHS to "help high-need, low-resourced hospitals cover the upfront costs associated with implementing essential cybersecurity practices." It includes $500 million to fund an incentive program, intended to encourage hospitals to invest in "advanced cybersecurity practices" — these likely include the "enhanced" health-care specific cybersecurity goals outlined in HHS' voluntary cybersecurity performance goals.

The proposed budget also provides $141 million for ongoing HHS infosec efforts, including  $11 million to expand the department's capacity to protect the privacy and security of health information via the Health Insurance Portability and Accountability Act of 1996 modernization efforts. ®