Millions from the US COVID-19 Relief Package to be Used for Cybersecurity

News

The United States’ $1.9 trillion COVID-19 stimulus bill that President Joe Biden signed last week, has become the first coronavirus package to address cybersecurity as part of a national recovery plan.

March 17, 2021

In light of escalating cyber attacks, the legislation allocated some $2 billion toward cybersecurity and technology modernization, with $650 million of it being earmarked for the Cybersecurity and Infrastructure Security Agency (CISA) to boost cyber protection and mitigate risks.

The bill pledged one billion to a government agency which supports the functioning of federal agencies. The money will be spent for technology modernization. Another $200 million will go to the U.S. Digital Service and $150 million to the Federal Citizens Service Funds.

However, the amount is a far cry from the $9 billion initially proposed by Biden’s American Rescue Plan last January. CISA directors Brandon Wales and Eric Goldstein said last week that the amount allocated to the agency is just a fraction of how much is needed to confront increased cyberattacks.

“$650 million is a down payment. It accelerates some of these efforts, but this is going to require sustained investment,” Wales said, according to The Hill. “It will also increase the visibility for agencies themselves, and those agencies themselves are going to need additional resources to make sure they can fully leverage the improved capabilities that we will be deploying.”

After serious cybersecurity crises that arose from the SolarWinds and the Microsoft Exchange hacks, CISA’s two top appointees said the agency will spend the funds to increase the visibility of cybersecurity threats within federal agencies, build capacity to proactively hunt for threats, develop capabilities to identify risks agencies might face and adopt defensible network architectures.

U.S. authorities are still mitigating the impacts of the SolarWinds breach, a sophisticated attack identified last December and carried out by Russian hackers who compromised 100 private sector companies and at least nine government agencies.

A senior administration official from the White House said on Friday that the federal government is carrying out a four-week remediation plan across compromised agencies, which is expected to be completed by the end of March.

“We will be rolling out technology to address the specific gaps we identified, beginning with the nine compromised agencies. We want to make the federal government a leader, not a laggard, in cybersecurity,” the official told reporters.

Regarding the Microsoft Exchange hack, which affected both public and private sectors worldwide, the White House official said the government is working with all stakeholders to patch exposed systems and determine if they’ve been compromised.

Earlier this year, the U.S. Government Accountability Office (GAO), a non-partisan legislative agency, issued a report warning that federal cybersecurity has regressed since 2019.

In a report addressed to the U.S. Congress, the agency attributed part of this regression to a lack of centralized leadership in cybersecurity at the White House and urged the government to implement “a comprehensive cybersecurity strategy”.