Cybersecurity is vital as the House takes up infrastructure

The Infrastructure Investment and Jobs Act is a cybersecurity-focused investment. It takes a whole-of-government approach to applying that investment and places a strong emphasis on supporting the cybersecurity needs of state and local governments. The monumental Senate passage of the Infrastructure Investment and Jobs Act, a bipartisan bill that modernizes the nation’s digital and physical infrastructure while creating thousands of jobs in America, was only the beginning.
The House must now take up the baton and carry forward Washington’s promise to strengthen and upgrade the nation’s infrastructure. The House must build on the solid foundation provided by the Senate and prioritize cybersecurity’s crucial role in the future infrastructure of the country.
The Infrastructure Investment and Jobs Act is a significant cybersecurity-focused investment. It also provides a needed whole-of-government approach to applying that investment. There is a clear emphasis on supporting the cybersecurity needs of state and local governments.
For the foreseeable future, Congress must keep cybersecurity at the forefront of its agenda. The Senate set an example. The technology industry is asking the House to follow suit and protect the nation’s digital and physical infrastructure.
The following are key elements of the Infrastructure Investment and Jobs Act, which must be included in any legislation that is passed by the House:
Cybersecurity must be a key part of federal infrastructure modernization efforts.
The White House and Congress must negotiate an infrastructure package. This once-in-a-generation federal investment must include substantial funding to ensure our infrastructure is resilient to any potential harm, including cyber threats. It should include legislative provisions that will secure our critical connected infrastructure, allow robust interoperability, ensure our society’s backbone can safely support the latest technological advances, and provide for strong security.
Investing in U.S. infrastructure resilience and protecting our systems against foreign and domestic cyber threats will support American infrastructure, American jobs and national security simultaneously.
Programs or projects that are funded must include baseline cybersecurity protections.
Public entities and owners of critical infrastructure who receive funding from an infrastructure package must conduct a cybersecurity risk assessment using the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity. Based on that assessment, every project must identify the gaps between its current cybersecurity posture and a better one. The results of the risk assessment should feed a plan to close those gaps, which could include deploying fundamental risk-based vulnerability management techniques. Bottom line: any public or privately funded entity must implement the cybersecurity protections outlined by Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, in her June 2 memo.
Programs for cybersecurity grants are needed by both local and state governments.
There must be cybersecurity grant programs for both local and state governments to ensure resilience in all communities. The bipartisan State and Local Cybersecurity Improvement Act (H.R. 3138), which could be used as a model for a grant program of this nature, is the Senate’s infrastructure bill. It allocates $1 billion more in funding.
In addition to the important elements contained in the Senate’s bill, the House has the opportunity to expand the federal government’s approach to cybersecurity. The most important opportunities are in emerging technologies like artificial intelligence and machine learning, the creation of a federal Software Bill of Materials, and greater investment in training the cybersecurity workforce that the nation requires.
Machine learning and AI are essential to creating new cybersecurity tools for businesses and governments. Congress must support the deployment of new technologies and professional services to prevent and react to cyberattacks. Legislation should support vulnerability management, intrusion detection, and endpoint security tools.
A Software Bill of Materials (SBOM) is also needed. This can be a powerful tool to improve the integrity and security of software that enables the critical connected infrastructure supported by President Biden’s Executive Order 14028 on Improving Cybersecurity.
Finally, the U.S. must ensure that government agencies and businesses have access to a cyber workforce with the skills necessary to protect the country. The United States will likely face a shortage in 1.8 mil