Members of the Cyberspace Solarium Commission are asking the chair and ranking member of the House Appropriations Committee to increase funding for the Cybersecurity and Infrastructure Security Agency (CISA) by at least $400 million, with some of that funding intended to make sure that CISA’s Continuous Diagnostics and Mitigation (CDM) program can quickly deploy security tools.
The commission is an intergovernmental group created in 2019 to develop strategic approaches to defend against cyberattacks on the U.S. Some of the recommendations from its report in 2020 – including to create the position of National Cyber Director – have become law since then.
Reps. Mike Gallagher, R-Wis., and Jim Langevin, D-R.I. – both members of the commission – wrote a letter to Appropriations Committee Chairwoman Rosa DeLauro, D-Conn., and Ranking Member Kay Granger, R-Texas, urging the CISA funding increase to improve security of Federal networks and build national resilience to cyber incidents. The congressmen wrote that as CISA’s mission set grows, appropriations must grow along with those mandates.
“For [Fiscal Year] 2021, the Commission recommended five different appropriations provisions which together amounted to more than $100,000,000 in increases to the CISA budget,” the congressmen wrote. “We expect some of the activities the Commission recommended in FY21 for defending Federal networks will be implemented with funding made available through the American Rescue Plan Act of 2021 (ARPA).”
“Funding appropriated by ARPA is expected to enable critical steps in remediating gaps in Federal network resilience, but that funding only covers one part of CISA’s work,” they added.
For FY22, CISA will need additional funding for expanding non-Federal network resilience efforts, the congressmen said, and those investments will have an immediate impact in accomplishing the commission’s recommendations. The investments will follow five lines of effort, including:
- Sector Engagement Capacity – Expanding CISA’s critical infrastructure sector engagement capacity and adding resources like personnel and funds to reimburse interagency detailees.
- Outreach and Services – Funding in support of targeted outreach to enhance connectivity with stakeholders that shape national cybersecurity.
- Expanding Federal Network Resilience – Providing additional resources to ensure CISA, through the Continuous Diagnostics and Mitigation (CDM) program, will deploy necessary tools more quickly.
- Enabling a Secure Ecosystem – Providing funding for program personnel and physical space and equipment for teams to grow in their role of “increasing operational resilience in the non-Federal space by driving secure behaviors and secure-by-design planning across the national cyber ecosystem.”
- Cyber Response and Recovery Fund – The proposed FY22 budget for CISA includes $20 million for a Cyber Response and Recovery Fund. This fund, which is based on a recommendation from the Solarium Commission, “is vital to ensuring that incident response capabilities can be brought to bear rapidly to assist non-Federal partners, particularly state, local, tribal, and territorial governments,” Reps. Gallagher and Langevin said.
Without increases in funding, the congressmen warned, “CISA would fall far short of the strong and effective cybersecurity agency the U.S. badly needs.”