Seventy-three billion dollars for the electric grid, $65 billion for broadband, and $7.5 billion for electric vehicles.
This is just a fraction of the spending dedicated to improving critical infrastructure in the Biden Administration's historic and controversial Infrastructure Investment and Jobs Act, which totals a whopping $1.2 trillion.
President Joe Biden signed the bill into law on Monday, which will include nearly $2 billion dedicated to cybersecurity support.
Where is this money going and what kind of impact will it make?
Cybersecurity-related areas of the infrastructure bill
The SecureWorld News team spent time looking through the language of the bill, which includes more than 30 pages dedicated to cybersecurity alone.
Here are a few of the ambitious ways the U.S. government plans to implement cybersecurity changes from protecting infrastructure to filling the talent shortage.
- Cyber Response and Recovery Act of 2021: The budget grants $100 million over five years to respond to cyber incidents, according to language in the bill. Provides direction for how a "significant incident" would be handled, including establishing dedicated funds and deciding how federal resources would be delegated with special attention to vulnerability assessments and mitigation; technical incident mitigation; malware analysis; analytic support; threat detection and hunting; and network protections. Further, language of the bill states grants will be given as the CISA Director deems appropriate.
- State and Local Cybersecurity Grant Program (Sec. 70612): $1 billion will be distributed between 2022 and 2025 to pay salaries, administrative costs, and other expenses. Departments will "use the National Initiative for Cybersecurity Education Workforce (NICE) Framework for Cybersecurity developed by the National Institute of Standards and Technology (NIST) to identify and mitigate any gaps in the cybersecurity workforces of the eligible entity and, if the eligible entity is a State, local governments within the jurisdiction of the eligible entity, enhance recruitment and retention efforts for those workforces."
- Rural and Municipal Utility Advanced Cybersecurity Grant and Technical Assistance Program (Sec. 40124): $250 million will be dispersed between 2022 and 2026 to states to update technology.
- Enhanced Grid Security (Sec. 40125): An additional $350 million will be dispersed between 2022 and 2026 to develop cyber defenses for the energy sector.
The bill also reads a hefty portion will go towards addressing cybersecurity defense for emergencies to be distributed on a state level:
"For an additional amount for 'Cybersecurity, Energy Security, and Emergency Response', $550,000,000, to remain available until expended."
Read more for yourself about the cybersecurity recommendations here.
Support for cyber resilience in U.S. infrastructure bill
Earlier in the year, President Biden was quoted as saying a "shooting war" could arise from a cyberattack, and many of SecureWorld's presenters have commented that the cyber arms race, or cyber warfare, is already here.
From this perspective, the government's growing concern with updating security measures when more organizations than ever are operating digitally is notable, and the bill shows a first step towards setting cybersecurity standards, addressing the talent gap, and securing critical infrastructure such as drinking water, the electric grid, and more.
The bill, which was originally introduced on June 4, 2021, has seen extensive amendments as well as back and forth between members of Congress.
With the rise in cyberattacks within the U.S. and around the world, especially on supply chains and critical infrastructure, there has been more mainstream focus on cybersecurity than ever before—and more money spent here, too.
"It's a more significant amount of money than has ever existed before. Our members and other state and local government associations have been clamoring for the need for some sort of cybersecurity-specific funding stream available to local and state governments," Matt Pincus, Director of Government Affairs at the National Association of State Chief Information Officers (NASCIO), told The Hill.
Stephen Kovac, Chief Compliance Officer and Head of Global Government Affairs for Zscaler, touched on how security needs are becoming a more commonplace topic, especially in a world where private and public organizations are more heavily relying on the growing digital ecosystem.
"The inclusion of cybersecurity funding in the Infrastructure Investment and Jobs Act signals the growing awareness that cybersecurity underpins all critical infrastructure—including the electrical grid, water infrastructure, and transportation systems.
The growth of digital infrastructure has introduced new risks, but modern Zero Trust infrastructure is the best opportunity to secure critical services. We are encouraged to see the cyber funding included in this bill, including the significant funding for state and local governments. This funding builds on the steps the Federal government is taking to deploy Zero Trust security, including the cybersecurity Executive Order, the draft Federal Zero Trust Strategy, and the draft Zero Trust maturity model," Kovac told MeriTalk.
Leave your comments below to start a discussion.
Resources
Check out SecureWorld's West Coast virtual conference, which will feature a lineup of expert speakers from wide backgrounds.
[RELATED: Biden Administration Signs K-12 Cybersecurity Act: Will It Make a Difference?]
