San Antonio Express-News (Sunday)
Cybersecurity, nondefense research may face cuts in debt deal
WASHINGTON — Spending on cybersecurity, research and development, and basic science could take a hit from the twoyear cap on nondefense discretionary spending included in the debt measure negotiated between Speaker Kevin McCarthy and President Joe Biden.
While the legislation “doesn’t expressly cut cybersecurity spending, the caps will constrain overall funding and make it harder for future investments to be authorized,” Linda Moore, CEO of TechNet, a trade association of tech CEOs, said in an email.
Cybersecurity “requires constant advancements and innovations to remain effective, and the threat from our foreign adversaries to steal our data and disrupt our critical infrastructure remains high,”
Moore said.
Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, said steady funding is essential to meeting evolving threats.
“We can’t PSA our way out of this,” Easterly said, referring to public service announcements about the importance of cybersecurity, given the threats that well-resourced, sophisticated nations present.
“At the end of the day, we need to do something different, and the stakes are very high,” Easterly said last week at an event hosted by Axios. “It’s not just scams and fraud. It is the critical infrastructure that we rely upon every hour of every day to get water and power and health care and transportation and communications.”
With a few days to spare before the U.S. hit a limit on its ability to borrow and meet its debt obligations, the Senate cleared, and Biden signed, legislation that would suspend the statutory $31.4 trillion debt ceiling and impose two years of caps on discretionary spending.
The legislation would claw back unspent COVID-19 pandemic aid, redirect some IRS funding for other uses, streamline
energy permitting, end a pause on student loan repayments and toughen some work requirements for certain recipients of food stamps and cash assistance.
The bill was expected to save at least $1.5 trillion over a decade, the Congressional Budget Office estimated, though that amount is a fraction of the $20 trillion in deficits projected over that time period.
For fiscal 2024, the Biden administration is seeking $3.1 billion in funding for the CISA, up from $2.9 billion Congress appropriated for the agency in fiscal 2023. The agency’s appropriation for fiscal 2022 was $2.6 billion.
In addition to the regular annual appropriations, the agency received $780 million in two bills in 2021.
It’s unclear how much of the administration’s fiscal 2024 request Congress will approve under the negotiated debt deal.
The agency’s annual budgets have grown significantly in recent years, especially after high-profile cyberattacks in late 2020 and 2021. An attack on Colonial Pipeline two years ago shut down supplies of gasoline on the East Coast, and several federal agencies were victims when software supplier SolarWinds was hacked in late 2020.
In the aftermath of those attacks, Congress included provisions in the fiscal 2022 appropriations measure that require private companies in critical sectors to report to the CISA any cyberattack on their computer systems.
Since then, in San Antonio, Rackspace Technology Inc. was hit in December 2022 by a ransomware attack that left thousands of customers worldwide without access to data including archived email, contacts and calendar items. The incident eroded customer confidence in one of the city’s largest technology services companies.
And in August 2022, a cyberattack on Our Lady of the Lake University’s computer network compromised personal data on its faculty, students and even people who applied to the school but never attended. It wasn’t until late March that the university notified those affected by the attack.
The Department of Homeland Security also imposed minimum cybersecurity standards on the railroad and aviation sectors and operators of pipelines.
But as threats evolve, the agency may have to go back to Congress and ask for additional funding, said James Hayes, senior vice president of global government affairs at Tenable, a cybersecurity firm.
“Cybersecurity is one of those areas that we have not been able to fully figure out what the run rate should be, and how much additional sums might be necessary in the future, depending on the types of attacks we encounter now,” Hayes said in an interview.
Run rate refers to predicting future financial needs or performance based on current conditions.
Federal spending on research and development also could be hurt by the debt deal, said Sean Gallagher, deputy director for government affairs at the American Association for the Advancement of Science.
The White House budget proposal for fiscal 2024 sought about $107 billion for nondefense research and development.
The budget caps imposed by the deal are likely to “reduce any visionary aspirations” that Congress set forth in landmark legislation last year “because the agencies realistically have to go back and cut costs,” Gallagher said in an interview.
Congress last year authorized a significant expansion of U.S. basic scientific research in legislation that included money for the National Science Foundation, as well as clean energy programs at the Energy Department.
After signing the legislation, which authorized $81 billion for the National Science Foundation over five years to advance research in several critical areas, Biden called it a “oncein-a-generation investment in America itself.”
Several lawmakers of both parties said it was a long overdue response to China’s growing strength in several hightech areas, including artificial intelligence, quantum computing and biotech. The legislation also separately appropriated $52 billion in federal grants to restore U.S. semiconductor manufacturing.
Agencies lacking funds may be forced to cut back on hiring people and experts to start new programs that were authorized by Congress, Gallagher said. And that could lead to unfunded mandates, where programs exist on paper but are not executed, he said.
AAAS has estimated that U.S. research and development spending took a beating when President Barack Obama signed legislation in 2011 to cut the federal deficit over 10 years in exchange for a debt limit increase.
According to the association, about $200 billion that could’ve been spent on research was not spent because of the budget caps.