In a rare move, the US Senate recently passed the Bipartisan Infrastructure Investment and Jobs Act that included a clause committing $1.9 billion in cybersecurity spending to protect critical infrastructure. The bill was passed by the Senate on 10 August 2021 but is yet to appear before the House. If it receives the thumbs up, it will then be presented to President Joe Biden for final approval.
In a statement, cybersecurity investment was listed as one of the top 10 programs in this act. According to the statement, the motivation was:
“The recent cybersecurity breaches of federal government data systems, critical infrastructure, and American businesses underscore the importance and urgency of strengthening U.S. cybersecurity capabilities.”
Clearly, the federal government recognizes infrastructure cybersecurity not just as a vital national security issue, but as one that threatens businesses and job security.
This concern is warranted: recent cybersecurity incidents involving critical national infrastructure have shown just how vulnerable the systems that underlie much of our economy and society are.
For example, the 2020 SolarWinds hack left Microsoft as well as dozens of government agencies vulnerable. It showed just how exposed government institutions are to these types of large-scale supply-chain attacks.
Over recent years, there has also been increased awareness of the threat posed by nation-state cybercriminal actors, particularly from Russia, China, North Korea, and others. The risk of these types of attacks is further increased by heightened international tensions between these states and others, especially the U.S.
It’s hoped that this investment will help protect critical infrastructure, accelerate incident response, and modernize the digital defenses of state and local governments.
The bill was initially a $715 billion infrastructure package that included provisions related to federal-aid highway, transit, highway safety, motor carrier, research, hazardous materials, and rail programs of the Department of Transportation (DOT). Its scope has since been expanded to include funding for broadband access, clean water, and electric grid renewal, in addition to the transportation and road proposals.
However, many experts believe that this amount isn’t adequate to properly address the enormous risk currently posed by various cybersecurity threats to critical national infrastructure. Considering that $1.9 billion dedicated to cybersecurity is a mere 0.27% of the total package, they may have a point.
Just over half of the funds are reserved for State, Local, Tribal, and Territorial (SLTT) government agencies and organizations and will be divvied up between at least 90,000 local governments across all 50 states. If you do the math, that’s only about $11,000 each.
Some of the specific budgetary items listed under the cybersecurity program are:
- $35M for CISA Sector Risk Management.
- $31.5M per year over 5 years (total $157.5M) for DHS Science and Technology Directorate for Research and Development.
- $20M per year for 5 years (total $100M) for the Cyber Response and Recovery Fund.
- $21M to the Office of the National Cyber Director.
Government agencies and those within the supply chain cannot afford to be complacent or expect that government bills and spending will relieve the pressure. Instead, they should proactively adopt common-sense cybersecurity best practices and incorporate cybersecurity awareness into their organizational culture and workplace practices.
Simple yet effective steps that can be taken today include using multi-factor authentication and strong login credentials, keeping endpoint security effective and up to date, practicing general cybersecurity hygiene, managing user privileges, and using secure backup protocols.