White House wants to boost cyber funds for fiscal 2026
The White House wants federal agencies to ask for more money that would be used to improve the nation’s cyber defenses, per a memo sent to agency heads Wednesday.
In the document, Office of Management and Budget Director Shalanda Young and National Cyber Director Harry Coker Jr. directed agencies to review and align incoming budget requests to fit the Biden administration’s national cyber strategy and implementation plan.
The White House’s ask fits with its directive that federal agencies move toward fully mature zero-trust architectures. Agencies will submit an updated zero-trust implementation plan to the OMB and ONCD within 120 days following the memo’s release, and be on target by the end of fiscal 2026, the memo states.
“Agencies with federated networks should prioritize investments in department-wide, enterprise solutions to the greatest extent practicable in order to further align cybersecurity efforts, ensure consistency across mission areas, and enable information sharing,” the memo said.
Additionally, federal agencies should also update budgets to reflect the critical infrastructure national security memorandum issued this year by President Joe Biden. The memo requires that agencies charged with overseeing a critical infrastructure sector prioritize resources and responsibilities.
Budgets should also reflect the potential development of “minimum cybersecurity requirements for each sector for security and resilience” and the improvements of open-source software security and sustainability. Agencies should both ensure that they’re using open-source software securely while also contributing to maintenance and upkeep, according to the memo.
Developing and harmonizing standards across critical infrastructure has continued to run into obstacles from industry lawyers. A bid by the Environmental Protection Agency to add cybersecurity requirements to sanitary surveys led to lawsuits and ultimately the retraction of the rule. Additionally, a recent Supreme Court decision on the so-called Chevron doctrine can also put existing and potential new mandates at risk, like the incoming cyber incident reporting rule, experts noted.
The administration is also calling on federal agencies to address the government’s cyber workforce issue, an area of focus for Coker since he took office in late 2023.
“Budget submissions should demonstrate how agencies invest in adopting skills-based best practices including skills-based and competency-based assessments and the removal of 4-year college degrees as minimum requirements when appropriate to remove barriers for joining the Federal cyber workforce,” the memo stated.