Biden Calls on Congress for Increased Funds for IT Modernization and Cybersecurity

Recently, the Washington Post reported on then President-elect Joe Biden’s COVID relief proposal, which called on Congress to “launch the most ambitious effort ever to modernize and secure federal IT and networks.” The request comes on the heels of revelations of the SolarWinds breach that impacts multiple federal agencies.

One major element of Biden’s IT proposal is to have Congress expand and improve the Technology Modernization Fund (TMF) with $9 billion “to help the U.S. launch major new IT and cybersecurity shared services at the Cyber Security and Information Security Agency (CISA) and the General Services Administration and complete modernization projects at federal agencies.” Since its inception under the Modernizing Government Technology Act of 2017, Congress has funded the TMF with $100 million in FY 2018 and $25 million in each fiscal year since.

Another key element is to “surge cybersecurity technology and engineering expert hiring” with $200 million for the Information Technology Oversight and Reform fund to facilitate the rapid hiring of hundreds of cyber experts to support the federal Chief Information Security Officer (CISO) and U.S. Digital Service.

It’s Still About Basic Cyber “Blocking and Tackling” . . . and People

Just a day before the Biden announcement the Cybersecurity and Infrastructure Security Agency issued analysis to help federal agencies and others defend against attackers targeting cloud services, attacks most recently highlighted by the exploitation of compromises in SolarWinds Orion Platform software. CISA highlighted “cyber threat actors using phishing emails with malicious links to harvest credentials for users’ cloud service accounts” as a persistent and successful threat vector. Phishing and other social engineering techniques are nothing new, but they are getting increasingly sophisticated and more challenging to detect, even by the most wary end-user.

Here’s the catch. Cloud computing approaches have increasingly been touted as and effective and efficient means to both bring modernization and security to agency IT and applications. No arguments there. Yet the latest CISA analysis points us back to the basic “blocking and tackling” of good cyber hygiene practices like patching and having security-savvy end-users who can recognized and evade phishing attempts. That being the case, $9 billion in modernization funds will only go so far in achieving the effective security posture that agencies have been pursuing via cloud and other methods unless the issues of phishing and end-user behavior is overcome.

The second element of the Biden team proposal – “the rapid hiring of hundreds of cybersecurity technology and engineering experts to support the federal Chief Information Security Officer and U.S. Digital Service” may prove to be the heavier lift by comparison, even with $200 million more for the Information Technology Oversight and Reform fund.

The urgent need to build depth and breadth within the federal cybersecurity workforce has been on the minds of federal leaders for a long time. Back in 2009, then Department of Homeland Security (DHS) Secretary Janet Napolitano announced new hiring authorities to recruit and hire up to 1,000 cybersecurity professionals over three years to fulfill critical cybersecurity roles to protect the nation’s cyber infrastructure, systems and networks. Those authorities – and the incoming Biden Administration’s hiring proposal – recognize the challenge that agencies have in competing for cybersecurity talent. Napolitano was faced with the challenge more than a decade ago and that competitive environment has become even fiercer over time, as cybersecurity has become more prominent in the minds of both private and public organizations.

While increased funding always holds the promise of success in overcoming persistent IT and cybersecurity challenges federal agencies will continue to benefit from and rely upon the experience and expertise of industry partners who share the administration’s goals of modernized and secure federal IT infrastructure and information.