The FY 2023 budget cycle has started in earnest in the United States (U.S.) Congress, and committees of jurisdiction holding hearings on the funding and programmatic changes the Biden Administration would like. And, the House Appropriations Committee’s Homeland Security Subcommittee held a hearingon the Cybersecurity and Infrastructure Security Agency’s (CISA) FY 2023 budget request, and members seemed amenable to maintaining the elevated level of funding provided to the agency over the last few years.
Members were generally complementary of CISA and its Director and raised concerns about funding only so far in that some Members wanted to know if the agency was efficiently using the significant increase in funding provided over the last 18 months. Moreover, these Members wondered whether CISA has systems and personnel in place to effectively use the extra funds the administration is requesting. There were no questions about the cyber incident reporting legislation enacted along with FY 2022 appropriations that CISA will be responsible for implementing through a rulemaking. Nor did Members ask about whether the executive branch has the authority it needs to ensure critical infrastructure owned and operated by the private sector is implementing proper cybersecurity. How CISA is helping and can better assist small and medium sized businesses was a frequently discussed topic. Additionally, almost all the questions focused on the “C” in CISA with virtually none on the agency’s other missions.
As a point of review, the White House is asking Congress for slightly less than the agency got for FY 2022 ($2.593 billion for the current year vs. $2.51 billion for FY 2023.) As a point of reference, CISA was provided $2.015 billion in FY 2020 and $2.024 billion in FY 2021. Moreover, the agency got a significant bump in the “American Rescue Plan Act of 2021” (P.L. 117-2) of $650 million.