Washington shouldn’t pat itself on the back for its cybersecurity spending just yet

Excerpt

October was “cybersecurity awareness month,” but November and December are shaping up to be cybersecurity spending season on Capitol Hill. Last month, the House approved the Build Back Better (BBB) Act, and President Biden signed the Infrastructure Investment and Jobs Act of 2021 into law. Together, these bills contain nearly $2.5 billion in cybersecurity-specific spending, buying some cybersecurity wins — but Congress missed a number of opportunities to improve U.S. critical infrastructure security.

As the BBB Act moves to the Senate, and assuming the Senate clears a path to pass the bill, lawmakers will have an opportunity to address some key cybersecurity gaps.

The White House specifically extolled the infrastructure bill for making “our infrastructure more resilient to the impacts of climate change and cyber-attacks.” For example, the $1 billion grant program to address cybersecurity risks to information systems owned and operated by state and local governments is long overdue. These governments will use the grants to develop and implement cybersecurity plans to address imminent threats. Meanwhile, for the energy sector, there are two $250 million cybersecurity-specific grant programs: one for support to rural and municipal utilities to address known cybersecurity issues, the other for support to developing cybersecurity technologies in the energy sector.