President Joe Biden's infrastructure proposal includes billions of dollars tied to improving cybersecurity, an area of intensified interest after the ransomware attack on the Colonial Pipeline Co. sent US gasoline prices soaring last week.
But the exact amount that will be spent on improving cyber defenses remains to be seen, reports Bloomberg.
The $2 trillion American Jobs Plan, as the infrastructure proposal is known, includes $20 billion for state, local and tribal governments to modernize their energy systems contingent upon meeting cybersecurity standards, as well as $2 billion for grid resilience in high-risk areas that will be contingent on meeting cybersecurity targets, the White House said in a fact sheet obtained by Bloomberg News ahead of its release Tuesday.
The administration is also characterizing the plan's call for $100 billion for high-speed broadband access as part of its wider security effort, since grant recipients will be asked to source from "trusted vendors" and implement cybersecurity measures. In addition, the plan lays out a new tax credit for transmission infrastructure that the administration believes will encourage stronger cyber capabilities.
The White House is negotiating with a group of Senate Republicans on an infrastructure bill that would include much of Biden's proposal, with a counter-proposal expected from the senators on Tuesday. The original infrastructure plan, which was released at the end of March, doesn't mention the need for cybersecurity spending.
Administration officials, speaking on the condition of anonymity to preview the outline of cybersecurity proposals, stressed that the jobs plan proposals are just one part of a broader effort to elevate cyber issues across the federal government. "Cybersecurity is one of the preeminent challenges of our time, which is why President Biden has made strengthening US cybersecurity capabilities a top priority," the White House said in the fact sheet.
Biden signed an executive order on May 12 intended to improve the federal government's information sharing about cyberattacks with the private sector while adopting better safety practices throughout the government. The order is intended to help the US respond more swiftly to attacks on both public and private infrastructure.
Biden's fiscal 2022 budget blueprint, released last month, included $2.1 billion for the Cybersecurity and Infrastructure Security Agency, $110 million more than its funding for 2021. The American Rescue Plan, signed by Biden in March, authorized an additional $1.65 billion for cybersecurity efforts. That includes $1 billion for the federal government's Technology Modernization Fund, which will go toward immediate security upgrades and a shift to a secure cloud infrastructure, and $650 million for CISA to improve its response capabilities and to upgrade its ability to support security projects at federal departments and agencies.
The Colonial attack is the latest in a series of devastating hacks against American government agencies, businesses and health facilities. They include a cyber-attack by Russian hackers that targeted software updates in Texas-based SolarWinds Corp., which were then received by some of its customers. In all, nine government agencies and about 100 companies were infiltrated by the Russian hackers, using the SolarWinds's backdoor and other methods.