New $1 Trillion U.S. Infrastructure Bill Brings Big Funds and Attention to Cybersecurity

The $1.2 trillion Infrastructure Investment and Jobs Act that was just signed this week contains roughly $2 billion earmarked for cybersecurity improvements on the Federal, state and local levels.

The Act also singles out critical infrastructure, specifically energy, water, and transportation for funding.


This funding includes about $1 billion spread over four years for the State, Local, Tribal, and Territorial (SLTT) Grant Program to help these entities develop and implement cybersecurity plans. FEMA will administer the program.

The Act sets aside $100 million over five years for the Cyber Response and Recovery Fund. The funding will allow the Cybersecurity and Infrastructure Security Agency (CISA) to provide direct support to public or private entities that respond and recover from cyberattacks and breaches designated as a “significant incident.”

Bill Rucker, President of Trustwave Government Solutions shared his reaction to the $1 Trillion Infrastructure Bill: "The bipartisan infrastructure bill signed into law this week by President Biden represents a needed and significant investment in the protection of our nation’s cyberinfrastructure. Funding to secure state and local government’s critical assets is a welcome investment. I am pleased that this law also focuses on securing essential segments of our critical infrastructure such as hardening of our electric grids and requiring planning with an eye towards proactive cyber security to protect our SCADA systems. Finally, the creation of the cyber response and recovery fund to help provide for a quicker and more effective response to major cyber incidents is a positive development. A continued focus and investment in cyber security to protect sensitive data, key assets and critical infrastructure is crucial. This new law is an important step in that effort, but more work remains."


The government will make federal funding available for states to create energy security plans to secure their energy infrastructure against cybersecurity threats.

Additionally, $250 million will be made available over five years to fund the Rural and Municipal Utility Advanced Cybersecurity Grant and Technological Assistance Program.

The DOE is tasked with creating a program to develop advanced cybersecurity applications and technologies for the energy sector. This section authorizes $250 million to be spent over five years for the Cybersecurity for the Energy Sector R&D program, $50 million for the Energy Sector Operational Support for Cyber resilience Program, and $50 million for Modeling and Assessing Energy Infrastructure Risk.

The Act has set aside $400 million to cover several water projects, including over five years for the Midsize and Large Drinking Water System Infrastructure Resilience and Sustainability Program. Another $175 million is set aside over five years to extend an expired fund to help mitigate threats and emergencies to drinking water caused by a cybersecurity incident or other situation.


And $25 million over five years for the Clean Water Infrastructure Resiliency and Sustainability Program to provide grants to owners/operators of publicly owned treatment works to increase the resiliency of water systems against cybersecurity vulnerabilities and natural hazards.



###