Policy

Top cybersecurity officials stress more funding for federal agencies

Coker and Easterly applaud recommendations around cyber-physical resilience laid out in a new report from the President's Council of Advisors on Science and Technology.

By Christian Vasquez

March 13, 2024

WASHINGTON, DC - NOVEMBER 02: Harry Coker Jr., President Joe Biden's nominee to be the next National Cyber Director, testifies during his confirmation hearing before the Senate Homeland Security and Governmental Affairs Committee at the Dirksen Senate Office Building on November 02, 2023 in Washington, DC. If confirmed Coker would serve as the second National Cyber Director, replacing inaugural Director Chris Inglis who resigned in 2023. (Photo by Kevin Dietsch/Getty Images)

A presidential advisory report on improving the resilience of critical infrastructure sectors won the approval of the nation’s top cybersecurity experts Wednesday, particularly around better funding for the agencies that are supposed to help them protect against cyberattacks.

The report from the President’s Council of Advisors on Science and Technology, which laid out multiple recommendations for the White House to consider, was first approved in January and made public in February. While the report has four overarching recommendations, a large portion is dedicated to gaining a better understanding and prioritizing the increased complexity and interdependencies of critical infrastructure organizations.

At an event panel on the report Harry Coker, the national cyber director, and Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency, both lauded the report, pointing out in particular the recommendation to give additional funds to the agencies in charge of sectors, known as the sector risk management agencies.

Coker said that President Joe Biden’s fiscal year 2025 budget proposal showed that it was a “priority.”

“I think we can all agree there are certain sector risk management agencies in certain sectors that have invested more significantly in security and resilience,” Easterly said. “And frankly, it’s why we prioritized over the last year and a half working with SRMAs like [the Department of Health and Human Services, the Environmental Protection Agency and the Department of Education]. So we can work with those sectors to provide free services and capabilities.”

Easterly also provided minor updates to multiple initiatives that the agency is pursuing, including that its list of systemically important critical infrastructure entities has grown to just under 500.

However, Easterly also said that there is more work to be done on that front, as UnitedHealth Group was considered a systemically important entity but Change Healthcare was not. HHS is currently monitoring the situation with Change Healthcare after a ransomware attack on the UnitedHealth subsidiary disrupted health care services across the country.

Easterly also said that CISA plans to publish a set of sector-specific cybersecurity performance goals for the finance, information technology, and energy sectors in the coming months.

Top cybersecurity officials stress more funding for federal agencies

More Like This

Treasury sanctions Russian hackers that breached US water utilities

Judge dismisses much of SEC suit against SolarWinds over cybersecurity disclosures

Simple ‘FrostyGoop’ malware responsible for turning off Ukrainians’ heat in January attack

Top Stories

Cyber firm KnowBe4 hired a fake IT worker from North Korea

Low-level cybercriminals are pouncing on CrowdStrike-connected outage

North Korean hacking group makes waves to gain Mandiant, FBI spotlight

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Dewey Murdick on enabling principles for AI governance; a landmark breach at AT&T

Government

Technology

Threats

Geopolitics