CISA received $650 million from the American Rescue Plan Act, but the agency's top officials have described that as only a "down payment" to move the government's cybersecurity efforts.
An industry coalition focused on cybersecurity is urging top congressional appropriators to give the Cybersecurity and Infrastructure Security Agency a $750 million boost in the fiscal year 2022 budget, citing the various attacks on federal agencies and the private sector in the past year.
"The recent SolarWinds, Colonial Pipeline, and Pulse Connect Secure attacks have shown just how vulnerable our public and private sector information technology (IT) systems are to these nation state actors and cyber criminals," according to the letter.
The letter was sent by the Alliance for Digital Innovation, CompTIA, Cybersecurity Coalition, ITI and the Internet Association. It was addressed to chairmen and ranking members of both the House and Senate Appropriations Committees.
The Office of Management and Budget recently announced the administration would publish its full fiscal year 2022 budget on May 27. Congressional committees until now have been reviewing top-level overviews of the upcoming budget, a practice usually done while a new administration reviews the budget proposal of its predecessor.
There have been multiple efforts to expand CISA's budget and authorities in the wake of the attack against SolarWinds. The agency received $650 million from the American Rescue Plan Act, but top agency officials, such as Brandon Wales, the acting chief, told lawmakers earlier this year that funding was essentially a "down payment" on strengthening the federal government's cybersecurity enough to detect and stop another espionage campaign.
Separately, the House Homeland Security Committee on Tuesday advanced a bill that would allow CISA to work directly with critical infrastructure owners and operators on risk mitigation strategies. Prior to the SolarWinds intrusion being discovered, lawmakers had already considered and were moving to provide CISA with administrative subpoena authorities through the FY-21 National Defense Authorization Act
The industry letter recommends the $750 million be spent on accelerating the Continuous Diagnostics and Mitigation program, expanding the national cybersecurity assessments and technical services program, promoting zero trust architectures and expanding the federal cybersecurity workforce.
The groups also say the money should be used to expand CISA's outreach services to state and local governments as well as modernize the National Cybersecurity Protection System.