Ilona Cohen
Chief Legal and Policy Officer

The White House Should Prioritize Cybersecurity in its Budget

US dollar zoomed in

Next week, the White House will release its budget proposal for Fiscal Year 2025. With Congress still arguing about how to fund the government in 2024, the President’s fiscal plan is sure to land on Capitol Hill with a thud. But the budget is more than just numbers, it’s a signal from the Administration of its policy priorities, and cybersecurity policy goals must be at this budget’s forefront. With ongoing cyber attacks against the public sector, critical infrastructure, large and small businesses, and individual Americans, it's time to create and fund initiatives that will shift the advantage away from attackers. 

Recommendations for the FY2025 President’s Budget

Although there has been a consistent increase in cybersecurity funding across civilian agencies, the government is far from finished when it comes to bolstering its digital defenses and strengthening the country’s overall cybersecurity posture. The FY 2025 budget must have clear initiatives with funding plans that are aligned to maximize the effectiveness of cyber defenders. In furtherance of that goal, the President’s Budget should include: 

  • Critical Infrastructure Protection: With shocking testimony from CISA that malicious actors are “burrowing deep” in our critical infrastructure and health care providers still reeling from the Change Healthcare ransomware attack, now is the time to devote substantial resources to shore up critical infrastructure. Whether it be energy grids, transportation systems, or healthcare facilities, the President’s Budget should add funding to Sector Risk Management Agencies that support these sectors, and call for rapid development and enforcement of comprehensive regulations for critical entities. 
     
  • Leveraging Artificial Intelligence (AI) in Cybersecurity: While it’s true that malicious actors are leveraging AI to increase the speed and sophistication of their cyber attacks, AI also brings significant opportunities to enhance cybersecurity capabilities through automation, faster threat detection, anomaly analysis, and much more. Adequate resources must be deployed for research, development, and implementation of AI capabilities in cybersecurity. To ensure the safety and security of AI systems, the President’s budget should allocate funding for third-party red-teaming of all citizen-facing AI systems used by the Federal Government. Red-teams are especially effective when they are composed of a team of humans with a diverse base of expertise and can leverage automated tools to test and strengthen the security and trustworthiness of AI models. 
     
  • Grants for State, Local, and Education (SLED) Organizations: SLED organizations are experiencing sophisticated cyber attacks and are constrained by insufficient cybersecurity funding. The President’s Budget needs to provide more federally-funded cybersecurity resources through grants. The budget should add an additional $1 billion to the Department of Homeland Security (DHS) State and Local Cybersecurity Grant Program (SLCGP) and an additional $1 billion to the Federal Communications Commission (FCC) Universal Service Fund for cybersecurity needs in schools and libraries. Additional funds are needed to strengthen the cybersecurity of communities across the nation. 
     
  • Funding for Agencies: The White House should prioritize adequate funding for agencies like the National Institute of Standards and Technology (NIST), which plays a critical role in shaping cybersecurity standards, guidelines, and best practices to safeguard the nation from emerging threats. NIST is also responsible for developing frameworks to evaluate and validate AI systems and an increase in funding is essential to strengthen NIST’s initiatives in AI research, including projects focused on AI red-teaming. The President’s budget should include an additional $40m in NIST’s Cybersecurity and Privacy line to support these efforts.
     
  • Public-Private Partnerships: Collaboration between public and private sectors is essential to effectively protect the nation’s digital ecosystem. The President’s Budget should allocate resources to support public-private partnership initiatives like CISA’s Joint Cyber Defense Collaborative (JCDC) program. With additional resources JCDC can focus on threats against sectors such as healthcare, water, energy, education, election infrastructure, and other highly targeted areas. 
     
  • Workforce Development: Our expanding digital ecosystem increases the need for a workforce skilled in cybersecurity and AI. The President’s Budget should provide direct funding to primary and secondary education institutions for the development of curriculum, creation of hands-on technology labs, and training for all educators in cybersecurity and AI. 
     
  • International Collaboration: Cybersecurity is an area that transcends national borders, and the budget must allocate resources for diplomatic and operational efforts aimed at fostering international cooperation on cybersecurity issues. This includes initiatives to enhance information sharing, establish common cybersecurity standards, and coordinate responses to cyber incidents. The President’s budget should include funding for the State Department Bureau of Cyberspace and Digital Policy to push global adoption of the NIST Cybersecurity Framework 2.0 and the Secure Software Development Framework. 

Our nation’s cybersecurity is only as strong as its weakest link. By embracing these recommendations in the FY 2025 Budget, the Administration can take a strategic and forward-thinking approach that not only addresses current challenges but positions the nation to strengthen its cybersecurity efforts for years to come. 

The 7th Annual Hacker-Powered Security Report

Hacker-Powered Security Report