Funding Intends to Protect Against Cyberattacks
The act provides a variety of funding opportunities to enhance protection for critical infrastructure and provide greater broadband access across the country. It specifically designates $1.9 billion for cybersecurity and $65 billion to expand internet access.
Of the funding set aside to assist DHS in enhancing the nation’s cybersecurity, the act designates $100 million over four years in aid to the public and private sector that would be allocated by CISA if DHS declares an attack to be a “significant incident.” In addition, it sets aside nearly $158 million for research in cybersecurity and related areas by DHS’ science and technology wing, while CISA would receive $35 million for sector risk management work.
In addition, the legislation establishes two $250 million programs at the Department of Energy, one for rural and municipal utility security and another for grid security research and development. At the EPA, the law would provide additional funding for programs meant to address water cybersecurity threats.
Act Creates New Fund for Cybersecurity Resources
In addition to the funding to fill vacancies, the legislation gives the Office of the National Cyber Director a $21 million budget and creates a $100 million Cyber Response and Recovery Fund over the next five years.
The law gives CISA broad discretion to use the funds for vulnerability assessments, malware analysis, threat detection and hunting, and network protections, among other purposes. The funding is available to both private and public groups that have been negatively affected by significant cyber incidents.
According to the Government Accountability Office: “The federal government has a significant role in addressing cybersecurity risks facing the electricity grid, even though most of the grid is owned and operated by private industry. The Department of Energy has developed plans to implement a strategy for addressing grid cybersecurity risks, and the Federal Energy Resource Commission has approved mandatory grid cybersecurity standards.”
Educating utilities about cybersecurity and assisting in disaster recovery is now a federal government responsibility, and affected organizations should take advantage of the newly available funds.
Common Tech Solutions Could Boost Security for Utilities
It’s become typical for cybersecurity experts to advise that the likelihood of a cyberattack is no longer a matter of if, but when, and the energy and utility sector is not exempt.
Regardless of size, all organizations should assume they will be targeted. And with the ever-evolving threat landscape, some common incident response strategies are advisable across many industries.
Developing a playbook for incident response and engaging in security assessments and tabletop exercises can greatly improve an organization’s defenses. For utilities, which have been designated as critical infrastructure, the federal government now provides funding to implement many of those tools.