Biden budget includes $750M to help agencies recover from SolarWinds hack in proposed budget

Biden budget includes $750M to help agencies recover from SolarWinds hack in proposed budget
© Getty

President BidenJoe BidenMilitary must better understand sexual assaults to combat them The Hill's Equilibrium — Presented by NextEra Energy — Tasmanian devil wipes out penguin population On The Money: Democrats make full-court press on expanded child tax credit | White House confident Congress will raise debt ceiling MORE’s proposed budget for the upcoming fiscal year includes $750 million to address the ongoing fallout from the SolarWinds hack, even as lawmakers continue to press the administration to include more funding for a key cyber agency. 

The proposed fiscal 2022 budget designated the funding to go towards “agencies affected by the recent, significant cyber incidents to address exigent gaps in security capability,” pointing specifically to the SolarWinds hack.

The incident, first discovered in December, involved Russian hackers exploiting a vulnerability in a software update from IT group SolarWinds to compromise at least nine federal agencies and 100 private sector groups for months for espionage purposes. 


U.S. intelligence agencies formally attributed the hack to Russia earlier this year, with Biden announcing a sweeping set of sanctions against the country in retaliation shortly after. 

The $750 million was included in the budget as part of a larger proposal of $9.8 billion to go toward a variety of cybersecurity efforts.

As part of this funding, $15 million was set aside for the newly established White House national cyber director’s office. Biden nominated former National Security Agency Deputy Director Chris Inglis for the role in April, and he is awaiting a Senate nomination hearing. 

The Cybersecurity and Infrastructure Security Agency (CISA) was given a $2.1 billion proposed budget for 2022, $110 million more than the previous year, which is in addition to the $650 million given to the agency as part of the American Rescue Plan Act signed into law earlier this year. 

The proposed increase in CISA’s budget was lower than some lawmakers have argued for in recent months. 


Reps. Jim LangevinJames (Jim) R. LangevinHillicon Valley: Senate unanimously confirms Chris Inglis as first White House cyber czar | Scrutiny mounts on Microsoft's surveillance technology | Senators unveil bill to crack down on cyber criminals Senate confirms Chris Inglis as first White House cyber czar House lawmakers roll out legislation to protect schools against hackers MORE (D-R.I.) and Mike GallagherMichael (Mike) John GallagherBiden budget includes 0M to help agencies recover from SolarWinds hack in proposed budget GOP lawmaker calls for Wuhan probe to 'prevent the next pandemic' Lawmakers introduce bill to protect critical infrastructure against cyberattacks MORE (R-Wis.) sent a letter to the leaders of the House Appropriations Committee in April asking them to carve out $400 million in additional appropriations for CISA as compared to last year’s budget.

The lawmakers pointed to CISA’s leading role in responding to both the SolarWinds and to new vulnerabilities in Microsoft’s Exchange Server that allowed Chinese hackers to potentially breach thousands of organizations.

“Despite the critical functions that CISA is currently performing, far more is required of the agency in order to build meaningful security in federal networks and national resilience to significant cyber incidents,” they wrote. 

House Homeland Security Committee ranking member John KatkoJohn Michael KatkoOvernight Health Care: Medicaid enrollment reaches new high | White House gives allocation plan for 55M doses | Schumer backs dental, vision, hearing in Medicare Democratic clamor grows for select committee on Jan. 6 attack House lawmakers roll out legislation to protect schools against hackers MORE (R-N.Y.) also threw his weight behind increasing CISA’s budget by $400 million, submitting a budget proposal earlier this month to give the agency $2.5 million in the next fiscal year.

In the wake of the detailed budget being formally rolled out on Friday, Sen. Maggie HassanMargaret (Maggie) HassanDemocrats facing tough reelections back bipartisan infrastructure deal Centrists gain foothold in infrastructure talks; cyber attacks at center of Biden-Putin meeting Centrists gain leverage over progressives in Senate infrastructure battle MORE (D-N.H.) on Friday sent a letter to Acting Office of Management and Budget Director Shalanda Young expressing concerns that the overall proposed budget for the Department of Homeland Security, which CISA falls under, was “essentially flat.”

“I am concerned that a flat DHS budget will not provide enough resources to address growing cybersecurity, border security and vetting, and violent extremism threats facing the United States,” Hassan wrote to Young, pointing specifically to the SolarWinds hack and other recent major cyber incidents. 

Mark Montgomery, a senior advisor to the Cyberspace Solarium Commission and a senior fellow at the Foundation for Defense of Democracies, told The Hill Friday that the “mathematics” of the budget needed to be “worked on.”

“There are some other things in there that are palliative, but at its core, CISA is the agency that is going to drive federal IT network security, and it needs to be resourced effectively,” Montgomery said.