Biden’s cybersecurity plan has a huge funding gap
The Biden administration is boasting about its planned $13 billion investment in cybersecurity for federal civilian agencies, but the White House’s plans neglect essential programs, including foundational research and standards setting.
The administration is once again requesting far too little for the National Institute of Standards and Technology (NIST), which develops cybersecurity standards and guidelines for the rest of the government. The White House directs NIST to play a critical role in its most important cybersecurity priorities, but does not fund the agency to match its importance. Unless Congress steps in, NIST will be unable to do the work assigned, jeopardizing the success of the administration’s cyber ambitions.
The National Institute of Standards and Technology, part of the Department of Commerce, conducts technical research into emerging technologies while also developing risk mitigation frameworks. Its most visible outputs are more than 200 directives that establish cybersecurity standards, technical specifications and guidelines that governments and private industry use as their benchmarks. NIST also maintains the Cybersecurity Framework, a detailed system for managing cybersecurity risks. It offers a methodology for identifying and prioritizing an organization’s assets and protecting those systems. Critical infrastructure operators, government contractors and federal agencies all measure the efficacy of their cybersecurity procedures against this framework.
Over the past three years, the administration has added new responsibilities to NIST’s already full plate. Just months after his inauguration, President Biden issued a sweeping executive order on improving national cybersecurity that, among other things, tasked NIST with developing guidelines on how to identify critical software and how to secure software supply chains.
Two years later, the White House issued a new National Cybersecurity Strategy to protect U.S. interests in cyberspace and position the nation “to realize all the benefits” of digital technology. NIST is the lead or contributing agency for nearly 20 percent of the initiatives implementing the strategy. Building on NIST’s existing efforts on cyber workforce development, the administration tasked NIST with establishing core competencies for cybersecurity-related jobs and supporting education and training programs.
Last summer, the administration announced the “U.S. Cyber Trust Mark,” a new certification and labeling program to help consumers identify baseline security standards for smart devices and Internet of Things technology. Although the Federal Communications Commission is running the program, NIST is developing the underlying cybersecurity requirements and collaborates with the FCC extensively.
Most recently, the administration issued an executive order aiming to address the “promise and peril” of artificial intelligence. Once again, officials chose to make NIST responsible for the technical backbone: establishing standards for AI development, use and evaluation; publishing guidelines and best practices for AI safety and security; evaluating the efficacy of privacy protections; and publishing an AI in Global Development Playbook that not only incorporates risk management principles but also global governance and human rights best practices.
Yet, despite the centrality of the National Institute of Standards and Technology to U.S. cybersecurity policy, its funding has not kept up with its missions. Back in 2020, the congressionally-mandated Cyberspace Solarium Commission — where a co-author of this essay served as executive director — warned that NIST “lacks the resources necessary to meet the increasing demands on its staff and support expanding mission requirements.” The White House requested only $79.4 million for NIST’s cybersecurity and privacy program in FY20.
Consequently, the commission’s congressional co-chairs urged their appropriations colleagues to increase NIST’s FY21 cybersecurity and privacy program to $107.5 million, but to no avail — NIST’s budget remained relatively stagnant. Two years later, the commission’s co-chairs again called for NIST’s cybersecurity and privacy program to be upped to $135.9 million, noting further tasking from executive orders.
But NIST’s budget has continued to fall far short of the Cyberspace Solarium Commission’s recommendation. This year’s budget requested just $96.8 million for the program, below even what the commission’s co-chairs recommended four years ago. With inflationary pressures taken into account, the difference is even more stark.
This decrease is disturbing. Without appropriate funding, NIST will be unable to carry out critical research that directly affects the cybersecurity of American citizens. If the administration and Congress continue to increase NIST’s workload, the agency will need more resources to hire staff to do its work in a timely and efficient manner.
NIST’s Cybersecurity and Privacy program needs an increase of at least $50 million over the FY25 request of $96.8 million to invest in the hiring and retention of a sufficiently skilled workforce, and to scale its programs to support the additional research and development responsibilities with which it has been tasked. Within that increase, NIST should specifically receive an additional $20 million toward its cybersecurity education initiatives; $7 million for its AI-related initiatives; and $6 million to support Internet of Things security programs, including its work on the U.S. Cyber Trust Mark.
Without the proper funding, NIST will be forced to choose between its traditional role of producing much-needed cybersecurity frameworks and guidelines or dedicating resources towards the government’s ambitious and high-visibility initiatives. Either way, U.S. national security will suffer.
It’s not enough to just spend $13 billion on cybersecurity — the money has to be invested in the right places. The Biden administration and Congress are missing the mark by underfunding NIST. This failure gives both our adversaries and cyber criminals an edge in their hostile cyber ambitions — an edge we can’t afford.
Rear Adm. (Ret.) Mark Montgomery is a senior director at the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies. He directs CSC 2.0, which works to implement the recommendations of the Cyberspace Solarium Commission, where he previously served as executive director. Follow him @MarkCMontgomery. Michael Sugden is a research analyst and editorial associate with CCTI at FDD.
Date: | |
Tag: | Joe Biden |
Filter
-
The candour gap has become a problem for politicians
People are much more open and honest in their private lives and now expect the same from their leadersFinancial Times - Business -
Best Buy has a huge sale on TVs ahead of Memorial Day
Save hundreds on TVs from top brands like Samsung, LG, TCL and more with Best Buy's pre-Memorial Day deals.CBS News - Top stories -
The Executive Who Revived Barbie Has a New Long-Shot Mission: Save Gap
CEO Richard Dickson is trying to make the clothing company cool again—one hoodie at a time.The Wall Street Journal - World -
The Executive Who Revived Barbie Has a New Long-Shot Mission: Save Gap
CEO Richard Dickson is trying to make the clothing company cool again—one hoodie at a time.The Wall Street Journal - Business -
House GOP looks to undercut McCarthy-Biden deal for 2025 funding
Rep. Tom Cole (R-Okla.), chair of the powerful House Appropriations Committee, on Thursday previewed the funding levels at which GOP negotiators are seeking to craft their annual government spending bills for fiscal 2025. Republicans are proposing ...The Hill - Politics -
Biden's HHS is trying to twist the Hyde Amendment to mandate abortion funding
HHS has taken a lot of aggressive positions under this administration, but this may be its most ludicrous.The Hill - Politics - Joe Biden -
Cristiano Ronaldo says he has no plans to retire: 'I feel proud to have this age and still compete'
The 39-year-old is under contract with Saudi Arabia's Al-Nassr until 2025CBS Sports - Sports -
Yonhap news agency says Seoul court has ruled in favor of the government’s plan to boost medical school admissions
Yonhap news agency says Seoul court has ruled in favor of the government’s plan to boost medical school admissionsABC News - Health -
Putin says Russia wants a buffer zone in Ukraine's Kharkiv but has no plans to capture the city
Yahoo News - World - Ukraine -
Biden’s student-loan forgiveness plan comment period is ending. Here’s what people are saying.
Many commenters are urging the Biden administration to move forward with its mass student-loan forgiveness plan.MarketWatch - Business - Joe Biden
More from The Hill
-
White House hits back at Stefanik after she blasts Biden in Israel
The White House hit back against House Republican Conference Chair Elise Stefanik’s (R-N.Y.) speech before the Israeli government’s legislative body on Sunday, when she attacked President Biden for his policy approach to Israel and the war in ...The Hill - Politics - Joe Biden -
Biden addresses NAACP in Detroit: Watch live
President Biden will give remarks Sunday at a campaign event with the NAACP in Detroit, Michigan, following his commencement speech at Morehouse College, where the president made his first appearance on a college campus since the start of the ...The Hill - Politics - Joe Biden -
Stefanik blasts Biden in speech to Israel's Knesset
Rep. Elise Stefanik (R-N.Y.) harshly denounced President Biden’s policy toward Israel during a speech to the country’s parliament, the Knesset, on Sunday in Tel Aviv. Stefanik, the highest-ranking Republican to visit Israel since the outbreak of ...The Hill - Politics - Joe Biden -
Here are the 7 states most likely to flip in the Biden-Trump race
The looming November rematch between President Biden and former President Trump could be decided by just a handful of states. Six months out from Election Day, all eyes are on seven toss-up states — Arizona, Georgia, Michigan, Nevada, North ...The Hill - Politics - Joe Biden -
Trump suggests he could be a 3-term president if he wins election
Former President Trump suggested Saturday that he could be considered a three-term president if he clinches a win next November. Speaking to the National Rifle Association (NRA) on Saturday, Trump questioned whether he would be a two- or ...The Hill - Politics - Donald Trump