Should the U.S. Prioritize Cyber Defense in its Budget?

Katherine Dorrer

Staff Writer

The exponential growth of digital technologies and the pervasive reach of the Internet have revolutionized global communication, commerce, and information exchange. In today’s interconnected world, where a substantial portion of daily activities occurs online, maintaining robust cyber security standards is not just advisable but imperative. The United States, faced with escalating cyber threats from foreign adversaries and the pervasive digitalization of critical infrastructure, must prioritize cybersecurity in its budget allocations to safeguard national security interests and ensure resilience in the face of evolving threats.

The Fiscal Year 2025 Department of Defense budget request of $849.8 billion, reflects a recognition of the urgent need to bolster cybersecurity measures. This allocation not only serves to provide immediate protection against cyber-attacks but also lays the groundwork for the nation’s future security. A senior defense official at the Pentagon states that “the FY23 cyber activity budget focuses investments in three portfolios, covering cybersecurity, cyberspace operations, and cyber research and development.” With this, cybersecurity is no longer confined to the realms of government agencies; it has become a national obligation affecting every facet of society including finance, healthcare, transportation, and energy. The proliferation of interconnected devices and the digitalization of essential services have significantly expanded the attack surface for cyber threats, leaving critical infrastructure vulnerable to exploitation by malicious actors.

While the allocation of $1.7 billion to the Cybersecurity and Infrastructure Security Agency (CISA) in the FY25 budget marks a step forward in consolidating cyber threat data, it is crucial to recognize that traditional methods alone may not suffice in combating the evolving threat landscape A recent breach in a federal agency responsible for cyber security underscores the vulnerability of organizations to cyber vulnerabilities and the necessity of having robust incident response plans in place. A CISA spokesperson stated, “This is a reminder that any organization can be affected by a cyber vulnerability, and having an incident response plan in place is a necessary component of resilience.” Failure to prioritize cybersecurity investments leaves nations vulnerable to exploitation and disruption, highlighting the urgent need for increased resources and efforts to fortify cyber defenses and protocols against evolving threats.

While the National Defense Strategy effectively addresses traditional security challenges such as geopolitical rivalries and traditional military threats, the landscape of warfare has evolved dramatically in recent years, with cybersecurity emerging as a prominent domain of conflict. Unlike conventional warfare, where adversaries engage in physical battles, cyber warfare operates in the virtual realm, leveraging digital technologies to launch attacks on critical infrastructure, government systems, and private networks. 

The growing prominence of cybersecurity warfare stems from several factors. First, advancements in technology have made cyberspace an attractive arena for state and non-state actors seeking to disrupt operations without the need for conventional military forces. Cyber-attacks offer anonymity, deniability, and the potential for significant impact with relatively low costs and risks. The asymmetrical nature of cyber warfare allows smaller, less powerful entities to pose significant threats to larger, more technologically advanced nations. State-sponsored cyber espionage, cyber terrorism, and cybercrime present formidable challenges that cannot be adequately addressed through traditional means alone. 

As threats are evolving rapidly and adversaries becoming increasingly sophisticated, the necessity for adaptive strategies is paramount. As highlighted by Former NSA Chief Michael Rodgers, Western countries faced unprecedented levels of cyber-attacks, including ransomware incidents and successful data breaches, in the previous year, reports The Record. In its annual crime report, cryptocurrency firm Chainalysis stated that in 2023, ransomware payments exceeded $1.1 billion. At the Munich Cyber Security Conference Rodgers asserts that “continuing with the same strategies and expecting different outcomes is a low-probability success strategy.,” continues The Record.

Given these dynamics, it is imperative that the United States allocates greater attention and investment in its budget priorities. Reuters explains that despite the significant budget allocation of $849.8 billion, representing a one percent increase from 2024 defense spending, there remains a pressing need to give a more substantial portion of these resources to bolster cyber defenses, enhance resilience, and invest in cutting-edge technologies to mitigate cyber risks.

In this critical juncture of cybersecurity strategy and spending, the United States must acknowledge the imperative for practice and innovative approaches. While the FY25 proposed budget demonstrates commendable strides in bolstering cybersecurity, it is but a single step in an ongoing journey toward cyber resilience. Failing to heed this not only jeopardizes the nation’s security but also risks ceding ground to adversaries eager to exploit the nation’s vulnerabilities.

Image courtesy of Getty Images