The Biden administration’s 2025 budget request includes nearly $13 billion for cybersecurity spending by civilian agencies. This is a 10% increase from last year’s request. The cyber investment priorities align with the National Cyber Strategy released in March 2023.
The strategy balances federal cyber activity between addressing short-term needs and investing in long-term national cyber resilience. For immediate needs, the administration requested $470 million for the Continuous Diagnostics and Mitigation (CDM) program. This supports zero-trust implementation within the government.
The CDM program is critical for endpoint and network security, asset management, identity management, and data protection across agencies. $394 million was requested to strengthen cybersecurity and analytical capabilities within civilian agencies. $116 million was allocated for the Cybersecurity and Infrastructure Security Agency (CISA) to handle incident reporting from over 300,000 U.S. critical infrastructure organizations.
Biden budget increases cyber protection
For longer-term needs, the budget includes $455 million for AI research focused on safety, security, and resilience. This aims to shore up cyber defenses.
Significant funding is earmarked for enhancing cybersecurity of U.S. critical infrastructure, including healthcare systems. The Department of Health and Human Services requested $800 million for cybersecurity in high-need, low-resource hospitals and $500 million for advanced cybersecurity capabilities. A major theme of the 2023 National Cyber Strategy is shifting responsibility for cybersecurity to emphasize ‘secure by design’ and ‘secure by default.’ This means building security into IT products from the start and configuring them to be secure out of the box.
The federal government aims to create market demand to convince IT providers to voluntarily adopt these principles. Over 200 companies have committed to meeting pledge goals set by CISA. The government could accelerate a model for generative AI security by ensuring its requirements address the full stack of security needs.
Cybersecurity is crucial to the federal government’s mission. The 2025 budget reflects priorities in immediate and long-term cybersecurity needs and the shift towards secure by design and secure by default.
