Senate passes almost $2 billion in cyber security funding

The senate floor during a vote

The Senate has included at least $1.8 billion in cyber security funding as part of the landmark infrastructure package it passed yesterday.

The Infrastructure Investment and Jobs Act, which allocates $1.2 trillion in infrastructure spending across the US, made it through the Senate on Tuesday and now goes to the House of Representatives.

The legislation, which enacts some of the provisions in the president's Build Back Better strategy, includes initiatives for improving cyber security across multiple infrastructure areas, including mandates for municipal water and electricity.

The lion's share of the cyber security funding landed in the infrastructure bill via another piece of legislation, the State and Local Cybersecurity Improvement Act. This provides the funds over four years via a Department of Homeland Security (DHS) grant to bolster state, local, and tribal government cyber security. This funding will be administered by the Federal Emergency Management Agency (FEMA).

Under the Act, states must distribute at least 80% of the funds to local governments, including 25% to rural areas. Those local governments must submit a cyber security plan to the Cybersecurity and Infrastructure Security Agency (CISA), the cyber security arm of the DHS.

Senator Maggie Hassan (D-N.H), who negotiated the cyber security bill, said the funding was key to preserving national security.

"A cyberattack on a state or local government network can put schools, electrical grids, and crucial services in jeopardy,” she warned.

“Even though cyberattacks are becoming more and more common in today’s threat landscape, state and local governments often do not have the adequate resources to defend against them. This new grant program will be a crucial resource for state and local governments, and I am very pleased that it is a part of our historic bipartisan infrastructure bill."

Other cyber security measures included $250 million on a program to secure municipal and rural electrical utilities over five years and $250 million to secure the electrical grid. Another $100 million is earmarked for operational security reports and modeling energy infrastructure risk.

Another bill, the Cyber Response and Recovery Act, carves out $20 million per year from 2022 to 2028 to deal with major cyber security incidents. The infrastructure package also allocates $150 million for the DHS to spend on cyber security research. The office of National Cyber Director Chris Inglis, who was confirmed in June but had not yet received funding, gets $21 million as part of the package.

Danny Bradbury

Danny Bradbury has been a print journalist specialising in technology since 1989 and a freelance writer since 1994. He has written for national publications on both sides of the Atlantic and has won awards for his investigative cybersecurity journalism work and his arts and culture writing. 

Danny writes about many different technology issues for audiences ranging from consumers through to software developers and CIOs. He also ghostwrites articles for many C-suite business executives in the technology sector and has worked as a presenter for multiple webinars and podcasts.