President Biden on Monday signed into law the $1.2 trillion infrastructure spending bill that includes billions in funding for stronger cybersecurity.

Within this bill, about $2 billion will go to boosting cybersecurity. The goal is to bolster federal and local IT networks to better respond to the sharp increase in cyberattacks.

Of the $2 billion, $1 billion will go to the state, local, tribal and territorial (SLTT) cyber grant program within the Cybersecurity and Infrastructure Security Agency (CISA) over four years.

Crucial Step in Improving Infrastructure Security

Danny Lopez is CEO of Glasswall, which provides protection against file-based threats. He said the infrastructure bill is a “crucial step in improving the security of the nation’s infrastructure.”

Glasswall’s Danny Lopez

The bill will also help modernize systems to protect sensitive data and information, he said..

“Following a rise in attacks on water systems in areas like Florida and the Bay Area, the bill requires the EPA and CISA to identify at-risk public water systems that could impact a large percentage of the population if deemed unsafe or inoperable due to cyber threats,” Lopez said. “This is an extremely welcome initiative.”

In addition, the bill incorporates the Cyber Response and Recovery Act of 2021. That allocates a “whopping” $100 million to improve government cybersecurity, and a significant investment in talent for the office of the new National Cyber Director, he said.

This bill and the administration’s executive orders show just how seriously federal cyber leaders take the ongoing threat, Lopez said.

“Previous [executive orders] have emphasized the importance of stronger multifactor authentication (MFA) and encryption,” he said. “These are critical elements in an effective cybersecurity strategy. But an overarching zero-trust approach will take businesses’, government agencies’ and critical infrastructure organizations’ protection to the next level.”

Method of Implementation Important

Mark Carrigan is cyber vice president of process safety and operational technology cybersecurity at Hexagon PPM. It provides engineering software for the design, construction and operation of plants, ships and offshore facilities.

Hexagon PPM’s Mark Carrigan

“We are encouraged that Congress has included $50 billion in the infrastructure bill to improve the resiliency of power and water systems, protecting them from cyberattacks and natural disasters,” he said. “Implemented properly, this program could make a considerable difference by making our critical infrastructure more resilient to events that are inevitable — hurricanes, droughts, floods and cyberattacks. Implemented improperly, taxpayers could end up spending a lot of money but still find themselves without power for a long time after an employee accidentally opens the wrong email that grants access to the wrong people.”

Operators in critical infrastructure should not wait on congress to continue their investments to improve operational resiliency, Carrigan said.

“It is when, not if a natural disaster or cyberattack will strike,” he said.

Newly Established National Cyber Director

Neil Jones is cybersecurity evangelist with Egnyte, a provider of cloud content security and governance. He said allocating funds to maintain resilience of the United States’ infrastructure against cyberthreats and malevolent nation-states is good news.

“These changes will boost the country’s cybersecurity efforts and jump-start the government’s response to cybersecurity intrusions,” he said. “And, it will protect U.S. citizens’ health and well-being. [That’s] an essential outcome you can’t put a dollar figure on during an ongoing pandemic.”