The White House released a memo outlining cybersecurity investment areas federal agencies should prioritize as they make decisions about what to include in their fiscal year 2025 budgets.
The memo calls on federal agencies to prioritize the five areas that are laid out in the National Cybersecurity Strategy released by the Biden administration earlier this year. Shalanda Young, director of the Office of Management and Budget, and Kemba Walden, acting cyber director in the Office of the National Cyber Director, signed the memo.
The strategy's five pillars include defending critical infrastructure, disrupting and dismantling threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships to pursue shared goals.
Once budgetary decisions are made, OMB and ONCD will review federal agencies' priorities in their fiscal year 2025 budget submissions, "identify potential gaps" and provide the agencies with potential solutions to those gaps.
"OMB, in coordination with ONCD, will provide feedback to agencies on whether the submissions are adequately addressed and are consistent with overall cybersecurity strategy and policy, aiding agencies' multiyear planning through the regular budget process," the memo said.
The memo does not include guidance on cybersecurity research and development priorities for 2025 and will be released in a separate document. Plus, the National Cybersecurity Strategy implementation plan is expected to be released this summer.
High-profile cyber attacks and Russia's invasion of Ukraine prompted the strategy's release. The strategy shows two significant policy shifts in the cybersecurity area, asking software developers to take more responsibility for cybersecurity breaches and promoting long-term investments in resilient and secure systems.
"The arena for this war exists in cyberspace. Our adversaries will choose cyberspace to engage in offensive attacks. Our critical infrastructure needs to be defensible and resilient for the long term," White House Assistant National Cyber Director for Technology Security Anjana Rajan said at GovCIO Media & Research's CyberScape event in March.
The memo also calls on federal agencies to defend the country's critical infrastructure by making investments in achieving zero trust architecture, prioritizing technology modernization and scaling public-private partnerships.
"Agency investments should lead to durable, long-term solutions that are secure by design," the memo said.
The document also prompts agencies to prioritize investigations of ransomware crimes and "combat the abuse of virtual currency to launder ransom payments."
In addition, the White House wants federal agencies to prioritize investing in the federal cyber workforce and understanding the potential threats to national security posed by the advancement of quantum computing.
Lastly, the memo requires federal agencies to have formal supply chain risk management programs and work with the private sector and international allies on minimizing cyber attacks on the country's networks.