President Joe Biden signed a $1 trillion infrastructure bill into law on Monday that includes nearly $2 billion for cybersecurity and related provisions.
The biggest piece of digital security funding is a Federal Emergency Management Agency cyber grant program, administered in consultation with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, that would distribute $1 billion over four years to state and local governments. An additional $21 million would go toward the Office of the National Cyber Director, which has been unable to make key hires since being established earlier this year due to funding shortages.
In all, the legislation — known as the Infrastructure Investment and Jobs Act — is “the largest investment in the resilience of physical and natural systems in American history,” the White House boasted, one that “makes our communities safer and our infrastructure more resilient to the impacts of climate change and cyber-attacks.”
Lawmakers have proven eager this year to advance funding for CISA, and more money for cybersecurity could be on the way soon through the Build Back Better Act that could clear Congress as soon as this week.
In the meantime, the state and local grant funding in the infrastructure bill isn’t the only DHS cyber money. The law devotes $100 million over four years to a pot set aside for when DHS declares a “significant incident” that would allow CISA to allocate aid to the public and private sector. DHS’s science and technology wing would receive nearly $158 million for research in cybersecurity and related areas, while CISA would get $35 million for sector risk management work.
At the Energy Department, the legislation establishes two $250 million programs, one for rural and municipal utility security and another for grid security research and development. At the Environmental Protection Agency, the law would re-up or create programs meant to address water cybersecurity threats.
Some of the legislation’s changes don’t provide additional funding, but rather make it an option to use existing grants on cyber. For instance, current Department of Transportation grant programs for highway projects would allow states to deploy those funds for cybersecurity. It also creates a Federal Highway Administration cyber coordinator position.