The White House this week released a memorandum outlining the administration’s proposed cybersecurity budget priorities for government departments and agencies for the fiscal year 2025.
The priorities are consistent with the five pillars described in the National Cybersecurity Strategy: defending critical infrastructure, disrupting and dismantling threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships focusing on shared goals.
Of the five pillars, the first two stand out as they involve pushing mandatory regulation for critical infrastructure vendors, and allowing a more aggressive hack-back approach when dealing with ransomware groups and state-sponsored threat actors.
In terms of defending critical infrastructure, the new memorandum on investment priorities highlights modernizing federal defenses (with a focus on zero trust), improving baseline cybersecurity requirements, and scaling collaboration between the public and private sectors.
In the case of disrupting and dismantling threat actors, the budget memo focuses on countering cybercrime and defeating ransomware, with the goal of “mounting disruption campaigns and other efforts that are so sustained, coordinated, and targeted that they render ransomware no longer profitable”.
For the third pillar, focusing on security and resilience efforts, the White House has highlighted securing software and leveraging federal procurement to improve accountability, and using federal funding programs to ensure that security is integrated into the design and building phases of a project.
In order to create a more resilient future, the White House recommends focusing on strengthening the cyber workforce and preparing for a post-quantum future.
The Biden administration also recommends prioritizing cybersecurity investment for forging international partnerships, specifically strengthening the cyber capacity of international partners and the United States’ ability to assist partners, as well as securing global supply chains for information, communications, and operational technology (OT) products and services.
Departments and agencies have been advised to follow the outlined investment priorities when making budget submissions to the Office of Management and Budget (OMB) for FY 2025.
“OMB and the Office of the National Cyber Director (ONCD) will jointly review agency responses to these priorities in the FY 2025 Budget submissions, identify potential gaps, and identify potential solutions to those gaps,” the memo reads. “OMB, in coordination with ONCD, will provide feedback to agencies on whether their submissions are adequately addressed and are consistent with overall cybersecurity strategy and policy, aiding agencies’ multiyear planning through the regular budget process.”
The White House noted that a separate memorandum will be released to summarize cybersecurity research and development priorities.
The administration has been aiming to increase cybersecurity spending, with the budget proposal for fiscal year 2024 seeking hundreds of millions of dollars of additional funding for cybersecurity projects and initiatives.
Related: Potential Outcomes of the US National Cybersecurity Strategy
Related: Analysis: SEC Cybersecurity Proposals and Biden’s National Cybersecurity Strategy
Related: White House Cybersecurity Strategy Stresses Software Safety