Lawmakers call for increasing the budget of key federal cybersecurity agency

A pair of House lawmakers are urging legislators to appropriate more funding for a key federal cybersecurity agency after a year in which cyber threats skyrocketed. 

Reps. Jim Langevin (D-R.I.) and Mike Gallagher (R-Wis.) sent a letter, provided to The Hill on Monday, to the leaders of the House Appropriations Committee asking them to carve out at least $400 million in additional funding for the Cybersecurity and Infrastructure Security Agency’s (CISA) upcoming budget allocation. 

The representatives pointed to CISA’s leadership role in responding to both the recent SolarWinds hacking incident, which involved Russian hackers compromising nine federal agencies, and to new vulnerabilities in Microsoft’s Exchange Server that allowed Chinese hackers to potentially breach thousands of organizations.

“As part of the U.S. government response to both, CISA played a central role, providing cyber defenders in its sister agencies and critical infrastructure providers across the country with timely and reliable information on the threat and indicators of compromise,” Langevin and Gallagher wrote. “Meanwhile, CISA continues to provide services to the rest of the U.S. government to identify threats and harden federal networks against future attacks, to the extent that their resources allow.”

“Despite the critical functions that CISA is currently performing, far more is required of the agency in order to build meaningful security in federal networks and national resilience to significant cyber incidents,” they stressed. 

President Biden earlier this month proposed a budget of just over $2.1 billion for CISA in fiscal 2022, around $110 million more than the agency was given in fiscal 2021. An additional $650 million was also appropriated to CISA as part of the American Rescue Plan Act, signed into law in March. 

Langevin and Gallagher, both of whom serve on the Cyberspace Solarium Commission, argued that CISA would need a far larger budget increase to address issues including cyber response and recovery, federal network resilience, outreach to states, and other topics. 

They wrote that if the potential budget for CISA is not increased, “determining appropriations for CISA in the coming fiscal year would be an exercise in limiting damage to existing programs while triaging new responsibilities, and CISA would fall far short of the strong and effective cybersecurity agency the U.S. badly needs.”

“Congress has very wisely chosen to expand and reinforce CISA’s role in protecting the nation against ever-growing cyber threats,” the lawmakers wrote, noting that the increased appropriation would “reflect the growing importance of a resilient and secure cyberspace on American lives and livelihoods.”

A spokesperson for House Appropriations Committee Chairwoman Rosa DeLauro (D-Conn.) did not immediately respond to The Hill’s request for comment, and a spokesperson for Langevin said his office had not yet received a response to the letter, which was sent late last week.

The committee has not announced when the annual hearing on CISA appropriations will take place.