The Cybersecurity and Infrastructure Security Agency (CISA) must continue to grow to keep pace with more complex threats, the head of the agency said on Thursday.
CISA’s $2.5 billion budget request for fiscal year 2023 is “sufficient for our mission,” Jen Easterly said. “I frankly think the threat environment demands that we continue to increase our capability and our capacity,” she added.
The budget request is about $400 million more than the Biden administration sought in FY ’22. Congress, however, added significantly to the FY ’22 budget, providing CISA with $2.6 billion, the most the agency has ever received.
Testifying before the House Appropriations Homeland Security Subcommittee, Easterly said, “I think as we grow as America’s cyber defense agency, we see a very complex threat environment that continues to get more complex threat actors that continue to get more sophisticated and are very well resourced, we look forward to working with this committee to make sure that we do have the capacity and the capability to be able to defend federal networks and to work with our critical infrastructure partners, some of which that are very target rich but resource poor.”
CISA received $2 billion in FY ’21 through the regular appropriations process and about another $1 billion through various federal stimulus bills.
Rep. John Katko (R-N.Y.), the ranking member on the House Homeland Security, has said that CISA needs to be a $5 billion agency.
Rep. Chuck Fleischmann (R-Tenn.), the ranking member of the subcommittee, asked Easterly if CISA needs more time to mature before continuing its rapid growth.
Easterly agreed that that her agency needs to “responsibly execute” its spending as it is given more funding. She said CISA has executed on more than 99 percent of the additional funding it received last year, some of which went to endpoint detection and response and the standup of the agency’s new Joint Cyber Defense Collaborative, a partnership between the government and private sector to operationalize planning and response activities to cyber threats and incidents.
Easterly also said that she’s “excited” about $65 million included in the FY ’22 budget for attack management surface capabilities that will create a common operating picture into federal civilian networks that touch the public.
“I really understand the importance of a common operating picture,” she said. “And frankly, it’s one of the things that we don’t have yet and it goes to the point I made earlier about the importance of increased visibility that’s why coming together across the federal cyber ecosystem, and why the JCDC, with NSA, FBI, CISA coming together with the private sector to help create that common operating picture is so absolutely critical.”