President Biden has unveiled a $5.8 trillion budget request for the coming fiscal year that would increase federal spending on cybersecurity by billions of dollars. The proposed investments “will, in alignment with the administration’s priorities, focus on addressing root cause structural issues, promoting stronger collaboration and coordination among federal agencies, and addressing capability challenges that have impeded the government’s technology vision.”
How much difference will this investment make and are there any additional measures to consider? Looking into the matter for Digital Journal is Nick Tausek, Security Automation Architect at Swimlane.
Tausek begins by boiling down the budget to its essentials: “As it currently stands, President Biden’s budget proposal would increase federal spending on cybersecurity by billions, including a nearly $500 million budget increase for CISA.”
As such the investment is to be welcomed, says Tausek. He clarifies: “This proposed spending increase is a testament to the continued prioritization of cybersecurity within the federal government and highlights the importance of shoring up the nation’s cybersecurity strategy and infrastructure.”
As to what the final look of the proposal will be, this could be subject to change as Tausek observes: “Although it is very likely that this proposal will go through numerous changes before being approved, the increased investment in cybersecurity, combined with recent security directives around Zero Trust, Logging, and Security Orchestration, Automation and Response (SOAR) are an encouraging steps for the future of the nation’s cybersecurity strategy.”
SOAR tools are software products that enable IT teams to define, standardize and automate the organization’s incident response activities.
Furthermore, SOAR provides a standardised process for data aggregation to assist human and machine-led analysis. The combined technologies also automate detection and response processes where the purpose is to help reduce alert fatigue, thereby allowing analysts to focus on the tasks that require deeper human analysis and intervention.
With the other measure, Zero Trust is a philosophical shift towards network defenses. These point toward a more comprehensive IT security model. This position allows organizations to restrict access controls to networks, applications, and environment in order to improve security but also without sacrificing any aspect of performance and advisedly impacting upon the user experience.
On this basis, Tausek says that the proposal should be supported: “While it’s hard to pinpoint the chances the whole budget has of passing in its current form, it seems likely that the cybersecurity measures will remain largely unchanged due to their emphasis on national defense.”