How Biden’s American Jobs Plan Seeks To Increase Cybersecurity
The White House, saying that “cybersecurity is one of the preeminent challenges of our time,” today released details on how President Joe Biden’s American Jobs Plan would increase the country’s cyber defenses.
According to a fact sheet issued by the White House on Tuesday, the plan would:
Make $20 billion in energy infrastructure investments for state, local, and tribal governments, contingent on cyber modernization.
- This $20 billion investment in Department of Energy-administered energy system modernization block grants would support critical infrastructure through grid resilience, clean electricity, and cybersecurity efforts.
- The funds are designed to spur early action by state and local governments to create a favorable environment for increased private investment, creating jobs, reducing pollution, and boosting security.
- The modernization block grants will be tied to the use of and compliance with 21st century energy, technology, and security standards.
Promote a secure network with a $100 billion investment in broadband.
- This investment will also promote network security.
- Grant recipients will be asked to source from “trusted vendors” and give preference to open, interoperable architecture where feasible, and implement cybersecurity consistent with approaches and priorities described in the Executive Order on Cybersecurity of May 12, 2021.
Create a new tax credit for transmission infrastructure that will help finance cyber technologies for the electric grid.
- This would be a targeted investment tax credit that incentivizes the buildout of at least 20 gigawatts of high-voltage capacity power lines and mobilizes tens of billions in private capital off the sidelines.
- These tax credits will also encourage stronger cybersecurity capabilities.
Safeguard critical infrastructure and grid resilience.
- Allocates $2 billion to support micro-grids and distributed energy infrastructure for grid resilience in areas with high risk of power outages, critical infrastructure, and front-line communities.
- These funds will also be used for transmission risk reduction, including planning grants, scale up grants, efforts for winterization and floods, and supply chain readiness (including equipment reserves).
Raising A Greater Question
Cyber consultant David Garrity observed that, "The implicit call for the U.S. government to have responsibility for private company cybersecurity raises the greater question of what constitutes necessary infrastructure in the context of a 21st-century economy which has become... increasingly digital”
He said, “... the pressing issue now is how will companies address what is [a growing] active threat environment that is only likely to intensify in light of the $5 million payment made to DarkSide, the cybercriminal gang that shut down the Colonial Pipeline.
“The blood is in the water and the sharks are circling, so expect to see more ransomware attacks targeting critical infrastructure as there are estimates that less than 25% of the U.S. oil and gas industry has adequate cybersecurity in place,” Garrity concluded.
Ondrej Krehel, CEO of cyber security company LIFARS, said, "A focus on cybersecurity from our country’s leadership is long overdue. The proposed plan should appropriate federal funds that will make cybersecurity preparedness a reality.
“If a bill is passed and the budget is not equal to the threat we face, then we are doing nothing more than putting a band-aid on a bullet hole The plan needs to address and establish cybersecurity maturity standards across all U.S. critical infrastructure (including, state, local and tribal governments),” he said.
More Diversity Needed
Kristina Libby is a cybersecurity expert and sits on a NATOCybersecurity Working Group. She said, “While the U.S. is currently a leader in cybersecurity, the demographic is often staid: male, young, white. We need more diversity in jobs...to ensure that we think about and respond to security concerns in a number of ways.
“Men and women, young and old, etc think of risk differently, think of intrusion differently and think of attacks differently. Countries like the UAE recognize this and have rapidly expanded their cyber education and cyber recruitment policies in the past decade. So too have many Asian countries,” she said.
Libby observed that spending this allocation in cyber signals a massive new consumer (the government) and a massive increase in awareness across enterprise and small and medium size business consumers as well. With increased awareness there will be more market demand and a new crop of companies addressing challenges and legacy companies pivoting approach, working with new tech, etc.
“This spells big opportunity for the tech community,” she concluded.
Richard Robinson, CEO of cyber security company Cynalytica, said “If carried out as described, the actions proposed in the American Jobs Plan will help to bolster the cybersecurity posture of American critical infrastructure. [H]owever, they do not go far enough to address the vast scale and scope of the problem we are facing.
“While the disruption of the Colonial Pipeline was certainly significant, as reported the attack was simply commoditized ransomware—nation states and cybercriminals currently have the capability to destroy and disable critical infrastructure for far longer than we saw with Colonial by targeting operational technology systems rather than IT systems,” he said.