How the Infrastructure Bill Boosts State and Local Cybersecurity
The core element of the bill’s cybersecurity funding for state and local governments is a $1 billion measure to support cybersecurity grants for state, local, tribal and territorial governments over four years.
As MeriTalk reports, the grant program in the Senate bill matches legislation in the State and Local Cybersecurity Improvement Act, which the House passed in July.
The Department of Homeland Security would run the grant program, which would receive $200 million in fiscal year 2022, $400 million in FY 2023, $300 million in FY 2024 and $100 million in FY 2025.
Governments seeking a grant would need to show DHS that they have a comprehensive cybersecurity plan that would enable them to access and use the funding, MeriTalk reports. Politico adds, “Governments can apply to the program to help upgrade their networks, but they can’t use the funds to do things like pay a ransom in a cyberattack.”
The funding could be a lifeline for smaller localities that may not have the budget for a dedicated cybersecurity team. “At least Atlanta and Baltimore have robust IT departments and information security teams,” Ed Mattison, an executive vice president at the Center for Internet Security, tells the Post, citing two recent high-profile ransomware attacks on city government. “They had some semblance of a plan. Many smaller municipalities don’t have that. This could be a game changer for them.”
At least 80 percent of the grant money has to go to local governments, and 25 percent would need to go to rural areas, according to a fact sheet from the bill’s sponsor, Sen. Maggie Hassan.
The bill would also provide $140 million through FY 2028 for a cyber incident response and recovery fund to be administered by DHS’ Cybersecurity and Infrastructure Security Agency. That money would provide direct support to public and private entities as they respond to and recover from significant cyberattacks and breaches.