The White House has allocated a total of $3.1bn to cybersecurity infrastructure in its latest budget report.
Published on Thursday, the document shows $145m of this figure will go toward making the Cybersecurity and Infrastructure Security Agency (CISA) “more resilient and defensible.”
Of the remaining funds, $98m will be invested in implementing the Cyber Incident Reporting for Critical Infrastructure Act of 2021 and $425m to improve CISA’s internal cybersecurity and analytical capabilities.
“To protect against foreign adversaries and safeguard Federal systems that the American people rely on, the Budget bolsters cybersecurity by ensuring every agency is increasing the security of public services,” reads the document.
According to Ilona Cohen, chief policy officer at security platform HackerOne, the funds will be essential to creating a more skilled and diverse cybersecurity workforce, supporting the transition from legacy systems to modern infrastructure and fostering the adoption by agencies of zero-trust architectures.
“I believe legislators can accomplish all of the above and encourage the adoption of best practices around vulnerability disclosure,” Cohen added. “Launching vulnerability disclosure programs and trusting ethical hackers is crucial for identifying the most critical vulnerabilities within our digital infrastructure and establishing more resilient systems.”
However, Richard Bird, CSO at API security firm Traceable AI, said that while the new cybersecurity investments are welcome, it’s disappointing to see a focus on outdated ways of thinking.
“Faster incident reporting is not a security improvement, no more than an alarm system that goes off two days after you have been robbed is a security improvement,” Bird explained. “It’s time for the US government to get serious about legislating actual cyber protections for citizens and consumers in our nation instead of taking half measures and half steps like this.”
The budget announcement comes days after the Biden-Harris administration published its National Cybersecurity Strategy.