White House releases cyber budget priorities for next fiscal year

The White House outlined its cybersecurity budget priorities for fiscal year 2025 in a memorandum sent to executive departments and agencies Tuesday.

The Biden administration is looking to connect cybersecurity investments to the five pillars of the national cybersecurity strategy it released in early March, the document shows.

The letter, signed by Acting National Cyber Director Kemba Walden and Office of Management and Budget Director Shalanda Young, advises federal agencies to prioritize spending on critical infrastructure defense, disrupting and dismantling threat actors, software that is secure by design, resiliency and international partnerships.

“Agency investments should lead to durable, long-term solutions that are secure by design,” Shalanda and Walden wrote in the letter.

Despite the government’s efforts to combat cybercrime, ransomware activity and risk remains high as threat actors exploit software vulnerabilities to ensnare multiple downstream victims, including federal agencies at times.

Federal agency budgets should use government purchasing power to improve accountability in the software supply chain and strengthen defense across agencies, the memo said.

“The national cybersecurity strategy emphasizes rebalancing the responsibility to defend cyberspace to ensure that the most capable and best-positioned actors in cyberspace serve as effective stewards of the cyber ecosystem,” Shalanda and Walden wrote.

The letter also addresses the Biden administration’s ongoing efforts to confront ransomware, calling it a threat to national security, public safety and economic prosperity.

“The administration is committed to mounting disruption campaigns and other efforts that are so sustained, coordinated and targeted that they render ransomware no longer profitable,” Shalanda and Walden wrote.

Agencies that bear responsibility for disrupting ransomware are advised to submit budgets that prioritize staff resources to investigate ransomware, disrupt ransomware infrastructure and participate in interagency task forces focused on cybercrime.