The Senate included more than $1.9 billion in cybersecurity funds as part of the roughly $1 trillion bipartisan infrastructure package approved Tuesday.
The funds will go toward securing critical infrastructure against attacks, helping vulnerable organizations defend themselves and providing funding for a key federal cyber office, among other initiatives.
The infrastructure bill, which now goes to the House after it was approved by the Senate following weeks of negotiations, includes $1 billion in funds for state and local governments to strengthen their cybersecurity. Cyber criminals have launched more attacks since many services moved online during the pandemic.
The funds were part of the State and Local Cybersecurity Improvement Act, which would create a grant program at the Department of Homeland Security (DHS) to provide the $1 billion to these government entities over four years, with a quarter of the funds going to particularly vulnerable rural communities.
“A cyberattack on a state or local government network can put schools, electrical grids, and crucial services in jeopardy,” Sen. Maggie Hassan (D-N.H.), a key senator who negotiated the funds being included, said in statement Tuesday. “Even though cyberattacks are becoming more and more common in today’s threat landscape, state and local governments often do not have the adequate resources to defend against them. This new grant program will be a crucial resource for state and local governments, and I am very pleased that it is a part of our historic bipartisan infrastructure bill.”
Another bill incorporated into the Senate-approved infrastructure package was the Cyber Response and Recovery Act. The legislation authorizes the DHS secretary to declare a significant incident involving a cyberattack on a critical U.S. organization and creates a $100 million fund to be used by DHS over five years to help support groups impacted by the incident.
Senate Homeland Security Committee Chairman Gary Peters (D-Mich.) and ranking member Rob Portman (R-Ohio) sponsored the original bill, with Peters on Tuesday underlining the need for increased cybersecurity funds.
“These provisions will help strengthen cybersecurity at every level of government, protect sensitive personal information, and strengthen our response to online assaults by providing the federal government and other public and private entities, such as critical infrastructure companies, with the resources to prevent and recover from attacks,” Peters said in a statement.
DHS’s Cybersecurity and Infrastructure Security Agency was given $35 million to invest in sector risk management, while DHS’s Science and Technology Directorate was given more than $150 million over five years to invest in cybersecurity and technological research.
The infrastructure package also included $21 million to provide funding for the White House national cyber director office. Former National Security Agency Deputy Director Chris Inglis was unanimously confirmed by the Senate to serve as the first national cyber director in June, but his office has so far not received funding, making it more difficult to carry out his duties.
Sens. Hassan, Portman, Kyrsten Sinema (D-Ariz.), Angus King (I-Maine) and Mitt Romney (R-Utah) on Tuesday applauded the inclusion of the funds, which will be a one-time grant to run through the next fiscal year, when Congress can formally fund the office.
“As we face increasing cyber threats, it is crucial that the National Cyber Director has the funding needed in order to be able to effectively and efficiently develop national cyber policies that best protect federal networks, data, and critical infrastructure,” Portman said in a statement.
King, the co-chairman of the Cyberspace Solarium Commission, which was the driving force behind the creation of the national cyber director position, stressed separately that “we must ensure that Director Inglis has the resources to implement a comprehensive plan to protect our society, economy, and nation from those seeking to do us harm.”
Cybersecurity has long been a bipartisan topic on Capitol Hill and has become a major priority for attention following multiple large-scale attacks on critical U.S. organizations.
These attacks have included the SolarWinds hack, discovered in December, which involved Russian government-linked hackers compromising nine U.S. federal agencies, along with ransomware attacks on companies such as Colonial Pipeline and meat producer JBS USA this year.
As a result of growing threats to critical infrastructure, the infrastructure package takes aim at shoring up energy cybersecurity, including designating $250 million for a Department of Energy program to provide grants to rural and municipal utilities, along with a further $350 million for enhancing grid security.
While there is bipartisan support for most cybersecurity initiatives in the legislation, the overall infrastructure package now heads to the House for a vote before it has a chance of reaching President Biden’s desk to be signed into law. Timing for a vote on the massive bill is unclear.