The “Investing in a New Vision for the Environment and Surface Transportation in America Act” or “INVEST in America Act” provides nearly two billion dollars in funding to enhance the nation’s cybersecurity. The bill is a proposed spending bill that over the next five years will invest billions in funding that works towards securing and state and local governments as well as US infrastructure reform.
Continuing and increasing ransomware attacks and data breaches have put pressure on the US government and the Biden Administration to take an effective action when it comes to cybersecurity infrastructure in the US. Recent prominent ransomware attacks have proven the dire need to upgrade infrastructure because of the fact that one single successful cyberattack can disrupt the entire infrastructure.
The bill provides nearly two billion dollars to cybersecurity employment efforts such as the hiring of cybersecurity experts in a variety of roles and assisting organizations in improving cybersecurity practices and defenses.
The INVEST in America Act establishes a National Cyber Resilience Assistance fund and disperses almost one billion dollars to improve the United State’s cybersecurity ecosystem for four years starting next year in 2022 through 2026.
“I frequently hear from state CIOs and state CISOs that their legislature doesn’t understand that cyber can’t be resolved with a one-time injection of money. The forthcoming grant program “is sort of like the ‘teach a man to fish’ adage, and that’s really important,” said Matt Pincus, director of government affairs at National association of State Chief Information Officers.
The funds allocated in this bill are designated to help state, local, municipal, and tribal governments in the US with better detection, response, investigation, and recovery from cyberthreats and attacks such as ransomware. It is important that this is an ongoing program which is why it is set up over the course of four years. The National Cyber Resilience Assistance Fund will have millions in funding replenished on an annual basis to aid major cyber incidents.
To receive funding through the INVEST in America Act organizations are required to follow frameworks set forth by the National Institute of Standards and Technology (NIST). Organizations must implement uncompromising and vigorous cybersecurity practices to comply with NIST’s frameworks and to protect data and privacy.
NIST requires that administrations within organizations that receive funding from the INVEST in America Act must develop a tool to identify, detect, protect against, respond to, and recover form cyberattacks. Designating a Cyber Coordinator will be a requisite along with a well-structured and effective cybersecurity plan. Developing a robust cybersecurity program will be essential for organizations as funds from the INVEST in America Act will not be allowed to be used to pay ransom in the event of a ransomware attack.