Last week, FBI Director Christopher Wray noted that “if each one of the FBI's cyber agents and intel analysts focused exclusively on the China threat, Chinese hackers would still outnumber FBI Cyber personnel by at least 50 to 1.” It is somewhat of an alarming comment (that caught a lot of headlines), especially when you consider it was just a reference to hackers in China and that it does not account for the litany of state and non-state entities that working tirelessly to undermine U.S. systems. It is a good reminder of why the looming funding discussion around cybersecurity is so important…and increasingly bipartisan.
The Fiscal Year 2024 proposed budget by the President includes $26.2 billion for cybersecurity - half of which would be for the Department of Defense. Cybersecurity funding is only becoming more necessary across the federal civilian branch, especially with several high-profile incidents impacting agencies over the past several years. Also notably, the FY24 budget request proposes a $145 million increase for the Cybersecurity and Infrastructure Security Agency (CISA) - which would receive a total of $3.1 billion in funding in the proposed budget.
The focus of the funding debate is now on the House and Senate Appropriations Committees, which are working on their draft bills in hopes to reach an agreement this summer. Looking at its recent history (the omnibus spending package from Fiscal Year 2023), Congress is likely to find bipartisan agreement around strong investments into cybersecurity infrastructure. CISA’s cyber funding, for example, increased by $230 million in that funding package, which was accompanied by significant increases across federal agencies. I would expect a similar commitment to cyber investment broadly this year - especially as funding is growing more complex, more partisan, and more limited.
The cybersecurity threats facing the U.S. are increasingly sophisticated and well-funded. Our cybersecurity investments, therefore, must remain ahead of these threats and do so across both government and private systems. Efforts thus far have mainly focused on protecting government systems at all levels and on enhancing protections and information sharing across the private sector.
As this funding debate begins, look to cybersecurity accounts as a place where both sides of the political aisle can unite around key investments. There is also a strong opportunity through the remainder of the year for narrower individual bills to pass, which may also carry policies that could potentially require future funding. It is clear that cybersecurity policy is only going to grow in impact and importance, and that Congress will need to ensure that federal funding is able to meet the moment.