White House unveils fiscal 2025 cybersecurity investment priorities

The White House has released its cybersecurity investment priorities for fiscal 2025, urging federal agencies to adopt key pillars of the National Cybersecurity Strategy in their budget proposals and overall missions.

The Office of Management and Budget memorandum issued Tuesday focuses on the same five pillars featured in the national cybersecurity strategy: defending critical infrastructure, disrupting and dismantling threat actors, shaping market forces to drive security, investing in a resilient future and forging international partnerships. 

It calls on the federal government to modernize its information technology systems by investing in "durable, long-term solutions that are secure by design" and improving baseline cybersecurity  requirements.

The fiscal 2025 priorities also align with the Federal Zero Trust Strategy released last year, which seeks to ensure governmentwide cybersecurity practices are in place and that every access attempt is verified on federal systems and networks. 

The memorandum instructs agencies to prioritize modernization efforts for systems that are reaching end of life or end of service, when they are typically at their most vulnerable to cyber intrusions.

It also calls on agencies to demonstrate how their fiscal 2025 budget submissions help secure national security systems like power grids and transportation networks, while furthering performance-based regulations and ensuring effective regulatory enforcement. 

Gordon Bitko, executive vice president of policy for the Information Technology Industry Council, told Nextgov/FCW that the memorandum "highlights the complex financial, technical and personnel challenges facing the federal government across the cybersecurity landscape. 

"Key elements of the NCS, such as migrating to zero trust architectures and modernizing legacy systems, are appropriately emphasized," Bitko said, adding that the White House should work with congressional appropriators "to ensure that resources are allocated as needed" while collaborating with industry stakeholders to help implement best practices and solutions. 

The push to further incorporate cyber priorities into agency budget submissions comes amid an increasingly hostile threat landscape that has a proven potential to cause significant impacts and disruptions on federal systems. 

The Cybersecurity and Infrastructure Security Agency confirmed earlier this month that cybercriminals had exploited a previously unknown vulnerability in a popular automated file transfer service solution called MOVEit in an attack that impacted several federal civilian agencies. 

To address long-standing gaps in the cyber workforce, the memorandum instructs agencies to leverage skills-based hiring best practices and other aspects of the federal "Good Jobs Principles'' framework, which outlines key elements, including hiring, pay, benefits and career advancement, among other core qualities. 

It also calls on agencies to prioritize workforce for certain cyber issues, including investigating ransomware crimes, disrupting cybercriminals and combating "the abuse of virtual currency to launder ransom payments." 

The memorandum was published by Acting National Cyber Director Kemba Walden and Office of Management and Budget Director Shalanda Young. The Office of the National Cyber Director and OMB will jointly review agency budget submissions to identify and address potential gaps in their cyber priorities, according to the memorandum. 

The White House also plans to release additional guidance on cybersecurity research and development priorities in a separate, forthcoming memorandum.