New Federal Cyber Infrastructure

President Biden signed the Infrastructure Investment and Jobs Act on November 10.  In total, the bill dedicates $1.9 billion in funding to address cybersecurity threats to national, state and local government infrastructure.

The money would be awarded to governments in the form of grants, with the Cybersecurity and Infrastructure Security Agency used as the main clearinghouse for determining which agencies merit awards and the purposes for which funds may be used.  Once that determination is made, administration of the program would be handled by the FEMA office currently managing federal grants.

Allocation of money from Congress represents an important step forward for the office of the National Cyber Director, which until now has relied on a White House contingency budget to cover its operating costs.

The new law contains specific provisions for allocation of cybersecurity funds.  Among them are the following:

  • Development of a tool “to assist transportation authorities in identifying, detecting, protecting against, responding to, and recovering from cyber incidents” as well as appointment of a Cybersecurity Coordinator to manage the tool.
  • Implementation of the recommendations contained in the report entitled “Cybersecurity: Agencies Need to Fully Establish Risk Management Programs and Address Challenges” (https://www.gao.gov/assets/gao-19-384.pdf) as well as the report entitled “Cybersecurity Workforce: Agencies Need to Accurately Categorize Positions to Effectively Identify Critical Staffing Needs” (https://www.gao.gov/assets/gao-19-144.pdf).
  • Develop a program for reinforcing the “physical and cybersecurity of electric utilities.” This includes a regime of stress testing for the power grid in order to identify weaknesses before they are exploited as well as a testing process for “products and technologies intended for use in the energy sector, including products relating to industrial control systems and operational technologies.”  This part of the program includes grant money for rural and other underfunded utilities.
  • Develop a program for “identify[ing] public water systems that if damaged or became inoperable, would lead to significant public health and safety issues.” Hopefully, that would be all of them.

adopted by congress…

*Defense in depth is a military term. According to Wikipedia, defense in depth is a military strategy that seeks to delay rather than prevent the advance of an attacker, buying time and causing additional casualties by yielding space (https://en.wikipedia.org/wiki/Defence_in_depth). In the network sense, a defense in depth strategy emphasizes people, hard systems and processes in keeping attacks at bay (https://www.nsa.gov/ia/_files/support/defenseindepth.pdf).