United States President-elect Joe Biden recently announced a comprehensive "American Rescue Plan" that will "change the course of the pandemic, build a bridge towards economic recovery, and invest in racial justice."
The bulk of the nearly $2 trillion plan includes a national vaccination program, emergency relief to families, and supporting communities hit hardest by the pandemic.
However, Biden also included a section at the end of the plan which details steps to improve the country's standing within the cybersecurity space—improvements to the tune of approximately $10 billion.
What is Biden's plan for cybersecurity?
Just like the private sector, the U.S. government has had a string of data breaches, the SolarWinds breach being the most recent. Because of this, the President-elect is calling upon Congress to modernize and secure federal IT and its networks. He has specifically identified four things he wants Congress to fund:
- "Expand and improve the Technology Modernization Fund.
A $9 billion investment will help the U.S. launch major new IT and cybersecurity shared services at the Cyber Security and Information Security Agency (CISA) and the General Services Administration and complete modernization projects at federal 18 agencies. In addition, the president-elect is calling on Congress to change the fund's reimbursement structure in order to fund more innovative and impactful projects."
- "Surge cybersecurity technology and engineering expert hiring. Providing the Information Technology Oversight and Reform fund with $200 million will allow for the rapid hiring of hundreds of experts to support the federal Chief Information Security Officer and U.S. Digital Service."
- "Build shared, secure services to drive transformational projects. Investing $300 million in no-year funding for Technology Transformation Services in the General Services Administration will drive secure IT projects forward without the need of reimbursement from agencies."
- "Improving security monitoring and incident response activities.
An additional $690M for CISA will bolster cybersecurity across federal civilian networks, and support the piloting of new shared security and cloud computing services."
Analysis of Biden's cybersecurity plan
Some cybersecurity professionals are already sharing their opinion about Biden's approach to improving the government's information security posture.
Dirk Schrader, Global Vice President at New Net Technologies, had this to say about the cybersecurity part of the plan:
"Seeing these initiatives included in relief plan is a good sign in itself and follows up on statements made earlier by the incoming team. Improvements are needed across all parts of the government's IT in order to achieve that notion of cyber resilience as stated in the Solarium report.
If it is enough to have a better coverage of experienced staff in all the branches of the Government is hard to tell, as the funds reserved for that task are roughly covering 2,000 employees plus the needed personal equipment for one, perhaps two years.
Having the specific aspects of security monitoring and incident response as part of the investment plan should be designated also to automate things needed to do the core security stuff like change control and vulnerability scans which will detect the gaps in that resilient cyber security posture the new government aims to achieve."
And Hank Schless, Senior Manager of Security Solutions at Lookout, thinks it could help, at least somewhat:
"The $200 million allocated for hiring experts to support the federal Chief Information Security Officer and U.S. Digital Service could definitely attract new talent into the public sector. However, looking at it more broadly, the funding allocated to other agencies may be used to contract more with private sector companies. This public-private partnership approach could be more efficient if these agencies want to get modern solutions in place with the oversight of experts rather than trying to build the solutions themselves."
Of course, all of this may just be on paper. No one knows the odds of Congress actually passing a wide-ranging $1.9 trillion dollar legislation.
Stay tuned for the outcome on this one.