Washington shouldn’t pat itself on the back for its cybersecurity spending just yet | TheHill – The Hill
October was “cybersecurity awareness month,” but November and December are shaping up to be cybersecurity spending season on Capitol Hill. Last month, the House approved the Build Back Better (BBB) Act, and President BidenJoe BidenSinema doubles down on filibuster, in setback for rules chan…….
October was “cybersecurity awareness month,” but November and December are shaping up to be cybersecurity spending season on Capitol Hill. Last month, the House approved the Build Back Better (BBB) Act, and President BidenJoe BidenSinema doubles down on filibuster, in setback for rules change talks Overnight Energy & Environment — Senate panel backs drilling fee hike Overnight Defense & National Security — Senate passes sweeping defense bill MORE signed the Infrastructure Investment and Jobs Act of 2021 into law. Together, these bills contain nearly $2.5 billion in cybersecurity-specific spending, buying some cybersecurity wins — but Congress missed a number of opportunities to improve U.S. critical infrastructure security.
As the BBB Act moves to the Senate, and assuming the Senate clears a path to pass the bill, lawmakers will have an opportunity to address some key cybersecurity gaps.
The White House specifically extolled the infrastructure bill for making “our infrastructure more resilient to the impacts of climate change and cyber-attacks.” For example, the $1 billion grant program to address cybersecurity risks to information systems owned and operated by state and local governments is long overdue. These governments will use the grants to develop and implement cybersecurity plans to address imminent threats. Meanwhile, for the energy sector, there are two $250 million cybersecurity-specific grant programs: one for support to rural and municipal utilities to address known cybersecurity issues, the other for support to developing cybersecurity technologies in the energy sector.
The Infrastructure Act also includes some much-needed policy direction and appropriations for the Cybersecurity and Infrastructure Security Agency (CISA). These consist of granting authority to the federal government — along with $100 million in financing — to establish a “response and recovery” fund that would provide government assistance to remediate and recover from a significant cyber incident. CISA also receives $35 million in funding for its sector risk management responsibilities and another $157 million for research and development efforts. Finally, the Infrastructure Act provides $21 million in initial funding for the national cyber director, Chris Inglis, to fully staff and equip his office, which Congress created in last year’s National Defense Authorization Act.
The version of the BBB Act passed by the House, meanwhile, funds additional important cybersecurity efforts. Nearly half of its $500 million in cybersecurity funding goes to awareness, education, and training efforts. Specific funding for the Cybersecurity Education and Training Assistance Program (CETAP) and for state and local workforce initiatives is particularly well-deserved. In the past, CISA has underfunded the CETAP effort in its annual budget, relying on “congressional cover” to keep the program running. The BBB Act provides that cover.</…….
