Attentive to both the physical and digital infrastructure improvements the nation needs, the Act calls out three types of cyber investments:
Improving cybersecurity in the power, water and transportation infrastructures. For the power infrastructure, there’s $600 million in cyber-related support, including funding for research and development of advanced cyber technologies for the smart grid. For more secure water systems, $375 million is allocated for things like technical assistance in responding to attacks. The Act also calls for a coordinator to help alert and advise transportation authorities on cyber incidents.
Upgrading systems and software at the state, local and tribal government levels. Allocations totalling $1 billion over four years in grants to non-federal governments to address cybersecurity risks and threats to their information systems.
Providing resources for cyber coordination and response at the federal government level. The Act funds the office of the new National Cyber Director with $21 million. It would replenish the Cyber Response and Recovery Fund with $20 million annually through 2028.
Cybersecurity will likely see more policy and regulatory activity. There’s still much for President Biden’s cyber leadership team and Congress to accomplish to achieve whole-of-government responses. Biden issued an executive order on cybersecurity to make federal government systems harder to break into, using its $70 billion IT purchasing power to impel the market to build security into all software from the ground up. The president also issued a memo calling for the modernization of defenses in industrial control systems, an Achilles heel in many critical infrastructures. Meanwhile, the 117th Congress has introduced more than a dozen bills on cybersecurity.
Around two-thirds of America’s critical infrastructure and key resources is in your hands. How should you prepare to take advantage of the infusion of federal dollars? How can you use that money to strengthen your own cybersecurity programs? How are you getting ready for the shift from voluntary compliance to performance mandates?