The Office of Management and Budget and the Office of the National Cyber Director released a memorandum on Tuesday outlining five cybersecurity budget priorities for federal departments and agencies for fiscal year 2025 consistent with the U.S. National Cybersecurity Strategy.
The memo also said the budget submissions should be consistent with the Biden administration’s national cyber strategy released earlier this year. The OMB and ONCD will review agencies’ upcoming budget submissions to “identify potential gaps” and “potential solutions to those gaps.”
“OMB, in coordination with ONCD, will provide feedback to agencies on whether their submissions are adequately addressed and are consistent with overall cybersecurity strategy and policy, aiding agencies’ multiyear planning through the regular budget process,” the memo said.
The five in the memo are the same as the National Cybersecurity Strategy: defend critical infrastructure, disrupt and dismantle threat actors, shape market forces to drive security and resilience, invest in a resilient future and forge international partnerships to pursue shared goals.
The memo comes as the White House is preparing multiple strategies such as the implementation plan for the National Cybersecurity Strategy expected this summer as well as a national cyber workforce strategy. ONCD and OMB also said that a separate memo will be released with additional guidance focused on cybersecurity research and development priorities.
The memo said federal agencies need to defend critical infrastructure by modernizing federal defenses by implementing the federal zero-trust strategy, improving baseline cybersecurity requirements and scaling public-private collaboration.
Additionally, the memo pointed out that ransomware continues to be a national security threat and that some agencies should focus on dismantling threat actors by focusing on investigating and disrupting criminal infrastructure, “prioritize staff to combat the abuse of virtual currency,” and to participate in interagency task forces.
Beyond that, the administration directed agencies to use their buying power to influence the cybersecurity market, to use skills-based hiring methods to strengthen the cyber workforce, follow national security memorandums surrounding a post-quantum future, strengthen international partnerships and secure global supply chains for information, communication and operational technologies.