Attacks and Vulnerabilities
CISA
Critical infrastructure
News
Regulation, Standards and Compliance
Supply Chain Security
Vulnerabilities
Zero Trust

White House 2023 budget funds zero trust security measures, pushes on critical cybersecurity capabilities

March 29, 2022
White House 2023 budget funds zero trust security measures, pushes on critical cybersecurity capabilities

The U.S. government released on Monday its ‘Fiscal Year 2023 President’s Budget’ that funds a strategic shift in defense of federal infrastructure and service delivery, better positioning of agencies to guard against sophisticated adversaries, and enhancing critical cybersecurity capabilities that improve national resilience. 

The Budget provides investments across federal agencies that align them to foundational cybersecurity practices and priorities as outlined in U.S. President Joe Biden’s Executive Order 14028, ‘Improving the Nation’s Cybersecurity.’ This includes funding to facilitate the ongoing transition to a ‘zero trust’ approach, which would enable agencies to more rapidly detect, isolate, and respond to cyber threats. 

To support these efforts, the Budget provides US$2.5 billion to the Cybersecurity and Infrastructure Security Agency (CISA) marking a $486 million increase above 2021. The allocation will help maintain critical cybersecurity capabilities implemented in the American Rescue Plan, expand network protection throughout the federal executive branch, and bolster support capabilities, such as cloud business applications, enhanced analytics, and stakeholder engagement. 

The Budget also supports the Office of the National Cyber Director, which would improve national coordination in the face of escalating cyber attacks on government and critical infrastructure sectors. In addition to bolstering federal cybersecurity, the Budget includes funding to ensure safe and secure elections, build and maintain critical public-private partnerships, enhance critical infrastructure protection, and prioritize and reinforce CISA’s role as the national risk manager.

The Budget also provides $15.2 billion in discretionary budget authority for the Federal Aviation Administration (FAA) to improve aviation safety, transform the nation’s aviation infrastructure, and improve cybersecurity capabilities. The resources provided through the Budget complement the $5 billion already provided by the Bipartisan Infrastructure Law for 2023 to upgrade the FAA’s air traffic control facilities and improve safety, capacity, accessibility, and efficiency of the nation’s airports.

The Budget will also invest in cybersecurity programs to protect the nation from malicious cyber criminals and cyber campaigns. These priorities include strengthening cyber protection standards for the defense industrial base and investing in the cybersecurity of the Department of Defense (DOD) networks.

The FY 2023 Budget allows for continued investment in cyberspace initiatives. These investments include operationalizing zero trust architecture across military departments and defense agencies, increasing cybersecurity support to the defense industrial base, and growing the cyber mission force teams.

“Through cyber defense operations and technical assistance, DHS works to prevent malicious cyber activity from compromising and disrupting Federal networks and privately held critical infrastructure,” Alejandro Mayorkas, secretary of the U.S. Department of Homeland Security (DHS), said in a statement on Monday. 

“The Budget provides $1 billion to enhance cyber risk analysis capabilities, fortify the security posture of Federal Government networks, and deliver an integrated system that defends IT infrastructure,” according to Mayorkas. “This funding supports efforts to close crucial gaps that exist in large agency enterprises and provides DHS with visibility into unauthorized, potentially malicious, or adversary activity targeting Federal networks,” he added.

The Budget comes as increased threats and attacks have been observed. Last week, the U.S. Coast Guard observed a recent uptick in malicious cybercriminals using spoofed business websites to target the marine transportation system (MTS). 

“Multiple MTS partners have discovered well-constructed, fake websites masquerading as their legitimate business websites,” the Coast Guard said in its latest alert. “These sites are created presumably to steal information from or install malware on customers’ devices interacting with the sites. These spoofed websites are not designed to impact the maritime organization directly but resemble watering-hole style attacks where the intended targets are individuals and entities visiting the site,” it added. 

The spoofed websites are professional in appearance and quite sophisticated, some of which are presenting as .com domains, the alert added. “This level of detail can make it difficult to discern a real site from a fraudulent one,” it said. 

The Coast Guard calls upon marine transportation stakeholders whose websites could be spoofed to regularly review their online presence and validate their legitimate websites. Website authenticity can be investigated by searching the website’s registration information such as registrant, location, dates, history, and record information using services, such as ICANN or WHOIS. 

In addition, marine transportation stakeholders who discover fraudulent or spoofed websites should immediately notify their customers and stakeholders of the illegitimate pages and report it to their local Coast Guard unit, the agency added. 

Jen Easterly, CISA director, had also pointed towards the growing threat to the maritime transportation sector as an increasingly imperiled soft spot in U.S. critical infrastructure.

“Given the vital role of the industry, the importance of securing systems and functions that make up the maritime transportation sector cannot be overstated,” Easterly said at the Hack the Port conference last week. “That said, protecting the industry from cyber threats is really becoming increasingly complex, as connected and often unsecure control systems make maritime organizations a prime target for malicious actors,” she added.

President Biden also directed critical infrastructure owners and operators to improve domestic cybersecurity capabilities and bolster national resilience. His warning last week came in the wake of ‘evolving intelligence’ that the Russian government is exploring options for potential cyberattacks. As most of the nation’s critical infrastructure is owned and operated by the private sector, it is for these environments ‘to act to protect the critical services on which all Americans rely.’

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings