President Biden released his first annual budget request on May 28. From this Fiscal Year (FY) 2022 request, we can see several key focus areas across the Federal government in matters pertaining to data, information technology, and cybersecurity. Although the annual budget request is just that — a request made to Congress for funding of which Congress is under no obligation to follow — it does provide a roadmap for where Federal spending is heading in the coming year and likely years to come.
The Biden Administration’s stated top priorities for federal civilian agencies are IT modernization, cybersecurity and improving the federal IT and cyber workforce. To execute on these top priorities, the Administration has requested $58.4 billion for FY 2022 federal civilian agencies IT spend, a 2.4% increase over FY 2021. The proposed budget would support delivering critical citizen services, reducing cybersecurity risk, modernizing legacy IT, recruiting and reskilling the federal IT workforce, keeping sensitive data and systems secure, migrating agencies to commercial cloud solutions and shared services, and transforming to a digital government.
Cybersecurity is one of the highest priorities for the Biden Administration following the SolarWinds and ransomware incidents seen in critical infrastructure recently. The proposed budget request includes $9.8 billion, a 14% increase over FY 2021, for civilian agencies cyber activities to reduce the risk of cyber incidents using a data driven risk-based model. This is the largest proposed increase ever to address cybersecurity and a majority of federal civilian agencies received increases for their proposed cyber budgets from the Department of Agriculture ($56 million), Department of Treasury ($137 million), FBI ($15.2 million), and the Department of Commerce ($106.9 million). Included in the proposed $9.8 billion is $20 million for the new Cyber Response and Recovery Fund to help critical infrastructure providers with their responses to cyber incidents, $15 million to support the stand up of the new Office of National Cyber Director, and funding for the Federal Acquisition Security Council to implement an enterprise supply chain risk management program.
COVID-19 has accelerated IT modernization and made it a vital priority for agencies to replace aging infrastructure and systems. The Biden Administration has directed agencies to leverage commercial capabilities to modernize and several agencies are seeking large increases in their budget requests for modernization efforts. For instance, the IRS budget request increased by more than 10% to modernize aging IT systems, while the Department of Justice is seeking a significant increase in funding for IT modernization. The Administration also requested $500 million for the Technology Modernization Fund (TMF) on top of the $1 billion included in the American Rescue Plan Act. The Administration has prioritized funding projects on digital services, cybersecurity, high-priority systems modernization and cross-government services and infrastructure. Additionally, the USAID, Department of Labor, and OPM are seeking authority to use their working capital fund (WCF) for IT modernization purposes, in accordance with the Modernizing Government Technology Act (MGT Act), which allows agencies to retain or save money and apply it to IT modernization. In addition,the Administration has made clear its intent to continue to leverage commercial capabilities to replace customized government technology where appropriate and will continue to support implementation of the Federal Data Strategy to help agencies use and manage federal data to deliver services to the public.
Even though we are still likely a few weeks away from DoD’s submission of their IT and cybersecurity Congressional justification books detailing their requested funding plans, we can find some important highlights in the Defense Budget Overview. Of particular note is that it appears that the Trump Administration's Digital Modernization Strategy will continue on in some form under the current Administration. According to the Budget Overview:
“The FY 2022 Cyberspace Activities budget ($10.4 billion) continues to build on the goals laid out in the Digital Modernization Strategy (DMS); Innovate for Competitive Advantage, Optimize for Efficiencies and Improve Capability, Evolve Cybersecurity for Agile and Resilient Defense Posture, and Cultivate Talent for a Ready Digital Force.”
DoD has requested $615 million to implement a zero trust architecture, specifically identifying the deployment of Comply-to-Connect Department-wide. This follows on from DISA’s public release of their zero trust reference architecture earlier this Spring. Likewise, substantial funding has been requested for both Identity and Credential Access Management ($243.9 million) and Automated Continuous Monitoring ($339.7 million). Security orchestration and automation capabilities are key to successfully defending and remediating against growing cyber threats.
The forthcoming Joint All-Domain Command and Control (JADC2) Strategy is also previewed in this budget request. In addition to the Air Force’s Advanced Battle Management System (ABMS) ($204 million) and the Army’s Project Convergence, the Department of the Navy is working to be fully integrated into the JADC2 construct. With Project Overmatch, established by the CNO last Fall, the Navy plans to “seamlessly network sensors, platforms (manned and unmanned) and weapons for decision advantage.” In support of this effort the Navy has requested $5.8 billion for major information warfare programs, with a key increase over last year’s request for enterprise networks.
As the Congressional budget hearing season plays out over the Summer, and with new cyber breaches announced almost weekly, Congress should seriously consider fully funding DoD’s IT and cybersecurity funding requests for the coming year.
This article was co-authored by Pam Walker, Senior Policy Analyst, Legal & Global Affairs at Splunk.
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.