The Senate’s Infrastructure Investment and Jobs Act – the bipartisan infrastructure plan currently working its way through the amendment process – totals about $2 billion in cybersecurity funding, the White House said in an August 3 fact sheet about the legislation.
While the Senate legislation is largely focused on traditional infrastructure – roads, bridges, airports – the recent rise in cyberattacks has made cybersecurity another big priority in the legislation. Wrapping into the bill a number of cybersecurity items that began as separate pieces of legislation also helps to shore up support for the larger infrastructure legislation.
The largest amounts of funding included are the previously reported $1 billion for state and local government (SLG) cybersecurity grants, and $550 million for the cybersecurity of the electric grid. The bill also features $140 million for a cyber response fund, and provisions to fund cybersecurity research, sector risk management, and to stand up the office of the National Cyber Director.
“The recent cybersecurity breaches of federal government data systems, critical infrastructure, and American businesses underscore the importance and urgency of strengthening U.S. cybersecurity capabilities,” the White House fact sheet says.
A few cybersecurity provisions below the headline security items in the bill include:
The legislation would give the Department of Homeland Security’s (DHS) Science and Technology Directorate $157 million for cyber research and development, according to an analysis of the bill by the Information Technology Industry Council. That funding would go towards research for things like cyber vulnerabilities and testing.
Another $35 million would go to DHS’s Cybersecurity and Infrastructure Security Agency’s (CISA) operations budget. That funding would be used for risk management activities and stakeholder engagement, according to the bill. The funding will be available until fiscal year 2026.
The bill also completes an outstanding requirement from the FY2021 National Defense Authorization Act and provides $21 million in FY2022 for National Cyber Director Chris Inglis to stand up and staff his office. A bill to fund the office had been introduced in the Senate in late July before being added into the infrastructure bill.
The cyber portions of the bill are seen as “solid and promising” by Tenable VP of Governmental Affairs James Hayes. Hayes sees the grid resiliency aspect of the bill as potentially one of the most important cybersecurity actions taken, but also expressed optimism on the effects of funding Inglis’ office and the SLG cybersecurity grants.
“Inclusion of funding for the National Cyber Director and annual funding for CISA’s cyber response and recovery fund are key steps to bolstering our cybersecurity posture in both the public and private sectors,” Hayes said in a statement. “Additionally, the grant funding authorized in the State and Local Cybersecurity Improvement Act … is critical to countering increasingly common cyber threats.”