The bipartisan U.S. Senate Infrastructure Investment and Jobs Act is a 2,700-page legislative package that would invest $1 trillion in America’s roads, bridges, public transport, and Internet access over the next five years, among other priorities. The legislation, which the Senate passed yesterday, also includes key cybersecurity provisions. These provisions are clear acknowledgement of the need to address the increased security risk to America’s public and private sectors and supply chains in the COVID and post-COVID eras.
This cybersecurity focus is essential after large scale cyber incidents like the Solar Winds hack, which led to multiple federal agencies being breached; the Colonial Pipeline attack, which shut down the largest U.S. fuel pipeline and led to fuel shortages across the East Coast; the Microsoft Exchange Server data breach, which resulted in threat actors gaining access to numerous email accounts including those of diplomats; and the JBS hack, which threatened U.S. and global food supply chains.
The much-needed cybersecurity focus in the Infrastructure Investment and Jobs Act would:
- Help secure U.S. critical infrastructure like the electric grid and public water systems
- Enable state and local governments to modernize their digital infrastructure
- Support enterprises impacted by cyberattacks such as ransomware
- Empower the White House National Cyber Director office to execute its mission
- Allocate resources to DHS for cybersecurity research and sector risk management
- Make cybersecurity projects eligible for U.S. Department of Transportation programs
- Bolster national cybersecurity standards
It specifically includes $1 billion for the Department of Homeland Security (DHS) over four years to provide grants to state, local, tribal, and territorial entities to help address cyber threats. It also would help establish a DHS Cyber Response and Recovery Fund, with $100 million over five years, to assist with response and recovery efforts resulting from a significant cyber incident; and over $157 million over five years for DHS critical infrastructure security and resilience R&D.
The bill also would allocate $65 billion in grants to states, to bring high-speed Internet to more Americans, especially those who live in places where broadband access is currently unavailable. It will be critical to ensure that these networks are built securely from the ground up.
Most importantly, by acknowledging that cybersecurity is an essential part of any infrastructure package, the Act would set the path to a more secure future. To realize the full potential of these cybersecurity provisions, BlackBerry advises a focus on Zero Trust when planning and implementing enterprise architecture and prevention-first security – built to stop malware at the exploitation stage – to proactively protect our government, businesses, and communities.