Less than a month ago, President Biden released his proposed budget for Fiscal Year 2022 that includes $9.8 billion in funding for cybersecurity enhancements. Cyberbreaches are making the headlines too often – almost on a weekly basis – and those are only the attacks that are reported. Not only are the breaches costly, but they also are dangerous. Potential threats to public safety as a result of cyberbreaches, in fact, are daunting. The Administration has made it clear that the Federal government intends to provide as much protection to the nation’s overall infrastructure as possible.
The proposed budget allocates $110 million to the Cybersecurity and Infrastructure Security Agency. Another $750 million is targeted for additional investment in cybersecurity. The budget provides $15 million to support the Office of the National Cyber Director, and the Technology Modernization Fund is set to receive a $500 million funding allocation.
Now Congress will begin to draft spending bills related to the proposed budget. That effort is likely to last until September 30, 2021, when the current budget ends. A new budget must be adopted by that date, or the government will partially shut down on October 1, 2021. If Congress is unable to meet the deadline, a Continuing Resolution will be required to keep the government functioning until a budget is approved.
Biden also issued a new executive order that confirms his intent to improve the nation’s cybersecurity. The directive outlines a series of new requirements that must be met by any company doing business with the federal government. The order also establishes a Cybersecurity Safety Review Board to analyze incidents and requires companies to report information about cyberbreaches.
As this enhanced focus on cybersecurity is happening, new cyberattacks – all more sophisticated and far-reaching than previous ones – are occurring. Cybersecurity breaches are under increased scrutiny. The most common types include ransomware attacks that shut down technology networks and operational breaches that take control over operational functions. The Colonial Pipeline attack was an operational breach that took control over critical systems and left the company unable to control the flow of gas, the financial accounting, and other operations. Operational cyberbreaches present a more immediate danger to public safety for obvious reasons. Cyberbreaches with the potential to take control over power grids, water systems, public transportation, or large public facilities represent an immediate danger to the public at large.
Because of the threat, and the fact that private sector firms will be in high demand to help modernize and enhance public cybersecurity for governmental entities, it is important to know what states are planning for cyberdefense and response.
Florida’s $100 billion 2022 budget includes $37.5 million for work on the state’s cybersecurity systems. Approximately $30 million is earmarked to implement initiatives recommended by the Florida Cybersecurity Taskforce. A Florida Digital Service Division within the Department of Management Services will address cyber threats, increase cybersecurity training, and provide additional resources to state agencies. Other allocations include $4.3 million for security event-management software, $4 million for vulnerability management, $3.2 million for a statewide inventory of cybersecurity assets, and $3.2 million for a new cybersecurity operations center. Other allocations include funding for endpoint protection software, industrial control systems defenses, and cybersecurity training resources.
Officials at Palm Beach Florida ISD have approved a 2021-2030 Capital Plan that includes numerous technology and security enhancements. Some of the technology needs include:
- Cyber and network security at a cost of $25 million on an ongoing basis between FY 2021 and FY 2030.
- Back-end infrastructure for $22 million.
- Network enhancements for $19.5 million.
- Computer refresh at $175 million.
- Data center optimization for $6.1 million.
Legislators in Texas recently passed a bill to create a Technology Improvement and Modernization Fund. If signed by the governor, funding will be available to improve and modernize state agency information resources and cybersecurity. Each agency will be required to submit a plan outlining its highest priorities.
Tennessee legislators passed a bill that mandates policies and procedures related to cybersecurity. The statute mandates that agencies identify cyber risks, implement mitigation planning, and report ways to protect cyber infrastructure. That law takes effect July 1, 2021.
Maryland legislators mandated new responsibilities for the Secretary of Information Technology. These include advising and consulting with the legislative and judicial branches of state government regarding cybersecurity strategy. The bill impacts all jurisdictions of government. Once information is gathered and strategy is planned, more action will be taken.
Recently Arkansas’ Department of Transformation and Shared Services requested $33.5 million in federal relief funds to implement its cybersecurity modernization plan. State leaders want to initiate transformations to centralize and modernize information technology (IT) infrastructure. The funding was approved from the $36 million in unallocated funds the state received in 2020. With this funding, the state will purchase equipment, software, and services to optimize the stability and security of the state’s technology operations, especially those linked to remote work and access.
Indiana’s HB 1169, which will take effect July 1, requires governmental entities to report attempted or successful cyberattacks. The Indiana Office of Technology will be responsible for reporting all breaches to assist with enhancing cybersecurity in the state.
The Hampton Roads Transit (HRT) Implementation Plan has several IT investments planned over the next three years. HRT has programmed funding in 2022 for a range of diverse technology projects for aging systems and the improvement of cybersecurity.
Cybersecurity is a huge concern for America – so much so that it is now considered by many to be a major component of infrastructure reform.