With the Passage of the Infrastructure Bill Comes New Cybersecurity-Related Implications

On November 15, 2021, President Biden signed into law the Infrastructure Investment and Jobs Act ("Act"). Included in the $1.2 trillion Act will be the issuance of $2 billion of critical funding for cybersecurity infrastructure, primarily through state and local resources.

The specifics of this funding is outlined as follows:

• under Title IV (Financial Services and General Government) of the Act, $21 million has been allocated to the Office of the National Cyber Director, Chris Inglis, “to carry out the purposes of section 1752 of the National Defense Authorization Act for Fiscal Year 2021”;

• under subsection (3) in the federal assistance section of Title V, (Department of Homeland Security Enforcement, and Investigations), $1 billion is to “remain available until expended, for grants to states, local, tribal, and territorial governments for improvement to cybersecurity and critical infrastructure”; and

• under the cybersecurity response and recovery fund section of Title V, $100 million to remain available until September 30, 2028 for the issuance of the Department of Homeland Security’s Cybersecurity Response and Recovery Fund.

Sec. 219a (Incentives for Cybersecurity Investments) the Act encourages participation by government entities in “information sharing programs” to better identify infrastructure that is susceptible to a cyber-attack.

Additionally, under Sec. 40521 (Future of Industry Program and Industrial Research and Assessment Centers) the legislation mandates that the Federal Highway Administration coordinating with the National Institute of Standards and Technology, Transportation Security Administration, and CISA establish a structured cybersecurity assessment and development program that is equipped to identify, detect, protect, and respond to cyber incidents. 

For additional information or assistance, please contact Kennedy Sutherland LLP.