Senate includes over $1.9 billion for cybersecurity in infrastructure bill

Senate includes over $1.9 billion for cybersecurity in infrastructure bill

The Senate included more than $1.9 billion in cybersecurity funds as part of the roughly $1 trillion bipartisan infrastructure package approved Tuesday.

The funds will go toward securing critical infrastructure against attacks, helping vulnerable organizations defend themselves and providing funding for a key federal cyber office, among other initiatives.

The infrastructure bill, which now goes to the House after it was approved by the Senate following weeks of negotiations, includes $1 billion in funds for state and local governments to strengthen their cybersecurity. Cyber criminals have launched more attacks since many services moved online during the pandemic.


The funds were part of the State and Local Cybersecurity Improvement Act, which would create a grant program at the Department of Homeland Security (DHS) to provide the $1 billion to these government entities over four years, with a quarter of the funds going to particularly vulnerable rural communities. 

“A cyberattack on a state or local government network can put schools, electrical grids, and crucial services in jeopardy,” Sen. Maggie HassanMargaret (Maggie) HassanKoch-backed group launches 7-figure ad blitz opposing .5T bill Overnight Hillicon Valley — Majority supports national data privacy standards, poll finds Senator calls on agencies to take action to prevent criminal cryptocurrency use MORE (D-N.H.), a key senator who negotiated the funds being included, said in statement Tuesday. “Even though cyberattacks are becoming more and more common in today’s threat landscape, state and local governments often do not have the adequate resources to defend against them. This new grant program will be a crucial resource for state and local governments, and I am very pleased that it is a part of our historic bipartisan infrastructure bill.”

Another bill incorporated into the Senate-approved infrastructure package was the Cyber Response and Recovery Act. The legislation authorizes the DHS secretary to declare a significant incident involving a cyberattack on a critical U.S. organization and creates a $100 million fund to be used by DHS over five years to help support groups impacted by the incident.

Senate Homeland Security Committee Chairman Gary PetersGary PetersHillicon Valley — Presented by Xerox — Officials want action on cyberattacks Officials urge Congress to consider fining companies that fail to report cyber incidents Senate Democrats announce million investment in key battlegrounds ahead of 2022 MORE (D-Mich.) and ranking member Rob PortmanRobert (Rob) Jones PortmanMajor US port target of attempted cyber attack Hillicon Valley — Presented by Xerox — Officials want action on cyberattacks Officials urge Congress to consider fining companies that fail to report cyber incidents MORE (R-Ohio) sponsored the original bill, with Peters on Tuesday underlining the need for increased cybersecurity funds. 

“These provisions will help strengthen cybersecurity at every level of government, protect sensitive personal information, and strengthen our response to online assaults by providing the federal government and other public and private entities, such as critical infrastructure companies, with the resources to prevent and recover from attacks,” Peters said in a statement.


DHS’s Cybersecurity and Infrastructure Security Agency was given $35 million to invest in sector risk management, while DHS’s Science and Technology Directorate was given more than $150 million over five years to invest in cybersecurity and technological research. 

The infrastructure package also included $21 million to provide funding for the White House national cyber director office. Former National Security Agency Deputy Director Chris Inglis was unanimously confirmed by the Senate to serve as the first national cyber director in June, but his office has so far not received funding, making it more difficult to carry out his duties.

Sens. Hassan, Portman, Kyrsten SinemaKyrsten SinemaWhy Democrats opposing Biden's tax plan have it wrong House Democrats set 'goal' to vote on infrastructure, social spending package next week The Hill's Morning Report - Presented by Alibaba - Democrats argue price before policy amid scramble MORE (D-Ariz.), Angus KingAngus KingOvernight Energy & Environment — League of Conservation Voters — Climate summit chief says US needs to 'show progress' on environment Manchin, Barrasso announce bill to revegetate forests after devastating fires Rep. Tim Ryan becomes latest COVID-19 breakthrough case in Congress MORE (I-Maine) and Mitt RomneyWillard (Mitt) Mitt RomneyGraham tries to help Trump and McConnell bury the hatchet GOP senator will 'probably' vote for debt limit increase Five questions and answers about the debt ceiling fight MORE (R-Utah) on Tuesday applauded the inclusion of the funds, which will be a one-time grant to run through the next fiscal year, when Congress can formally fund the office. 

“As we face increasing cyber threats, it is crucial that the National Cyber Director has the funding needed in order to be able to effectively and efficiently develop national cyber policies that best protect federal networks, data, and critical infrastructure,” Portman said in a statement. 

King, the co-chairman of the Cyberspace Solarium Commission, which was the driving force behind the creation of the national cyber director position, stressed separately that “we must ensure that Director Inglis has the resources to implement a comprehensive plan to protect our society, economy, and nation from those seeking to do us harm.” 

Cybersecurity has long been a bipartisan topic on Capitol Hill and has become a major priority for attention following multiple large-scale attacks on critical U.S. organizations. 

These attacks have included the SolarWinds hack, discovered in December, which involved Russian government-linked hackers compromising nine U.S. federal agencies, along with ransomware attacks on companies such as Colonial Pipeline and meat producer JBS USA this year. 

As a result of growing threats to critical infrastructure, the infrastructure package takes aim at shoring up energy cybersecurity, including designating $250 million for a Department of Energy program to provide grants to rural and municipal utilities, along with a further $350 million for enhancing grid security. 

While there is bipartisan support for most cybersecurity initiatives in the legislation, the overall infrastructure package now heads to the House for a vote before it has a chance of reaching President BidenJoe BidenFighter jet escorts aircraft that entered restricted airspace during UN gathering Julian Castro knocks Biden administration over refugee policy FBI investigating alleged assault on Fort Bliss soldier at Afghan refugee camp MORE’s desk to be signed into law. Timing for a vote on the massive bill is unclear.