Indeed, the bipartisan infrastructure bill that keeps getting delayed includes broadband upgrades, as well as new cybersecurity funding for state and local governments to protect their critical infrastructure.
The Infrastructure Investment and Jobs Act (INVEST) passed the Senate months ago. When it becomes law, it designates $1 billion for the State, Local, Tribal and Territorial (SLTT) Cyber Grant Program within the Cybersecurity and Infrastructure Security Agency (CISA) over four years.
You can read the entire bipartisan infrastructure plan’s 57-page summary at this CNN website. Based on the latest news at the end of October, it now appears that it could be another month before the bill becomes law.
FEDERAL CYBER ACTIVITY IS 'FAST AND FURIOUS'
But meanwhile, many other federal cybersecurity activities continue that likely will be models for state and local government activities going forward. (Some of these may even be tied to CISA grant funding when guidance is provided, so state and local tech and cyber leaders need to pay close attention.)
“If the Biden administration’s cybersecurity effort was a movie, it would be 'The Fast and the Furious' series.
“Chapter one of the epic was the May executive order where we understood the premise of fast cars, and the cat-and-mouse game of cops and robbers. By the summer, we saw episodes two and three drop through memos around incident response and critical software. Seeing the reaction of the 'fans' — or in this case the federal community — the White House doubled down with more action and more drama by releasing the draft zero-trust strategy last month.
“Just last week, the Office of Management and Budget came through with their latest series’ installment — consider this the 'Fast Five,' where the street racing crew must buy their freedom from a drug lord and a federal agent gone bad.
“But in the Biden administration’s version, agencies must find their freedom from cyber attackers through the improved use of endpoint detection and response tools. The new endpoint detection and response memo details a series of deadlines for agencies and the Cybersecurity and Infrastructure Security Agency (CISA) over the next 90 to 120 days.”
The article goes on to describe the FISMA reform bill and tested measures to stop cyber attacks. I encourage you to read the entire article, and you can also watch this excellent Bloomberg interview with Brandon Wales, executive director, CISA:
OTHER RECENT FEDERAL CYBER ACTIONS
TheHill.com reported this past week that "Biden administration officials outline steps to tackle urgent cyber threats":
“Top Biden administration officials on Thursday outlined steps taken to confront the increase in cyber threats against the nation, including through strengthening key critical infrastructure groups.
“National Cyber Director Chris Inglis detailed these steps in both a strategic intent document issued by the White House and an op-ed in The Wall Street Journal, prioritizing issues including enhancing federal cybersecurity efforts, improving public-private coordination and shoring up resources and resilience to face cyber threats. …
“As part of efforts to strengthen federal cybersecurity, Inglis announced Thursday that Federal Chief Information Security Officer (CSIO) Chris DeRusha would also take on the role of deputy national cyber director for federal cybersecurity.
“'That is not a subjugation of his authorities to the national cyber director, it’s an alignment and a harmonization, such that we’ll make sure that what we do we do together,” Inglis said at CSIS. 'If you are a CISO in the federal enterprise, we are finishing each other's sentences. We are not going to give conflicting guidance, it will always be complementary.'”
Chris DeRusha, who was the chief security officer in Michigan before joining the Biden presidential campaign team and later the Biden administration, continues to outline a series of steps to strengthen federal cybersecurity across all agencies.
Why is this significant for state and local governments? Besides the importance of partnerships, the steps taken at the federal level often portend what will be coming to states soon. The support that so many local governments want will often come with strings attached, and I expect that to become clearer in 2022 and beyond.
I also want to be clear that I am an advocate for what this federal team is doing, and I applaud their bold actions to strengthen cyber defenses at a fast pace.
POLITICIANS WEIGH APPROACHES TO CYBERSECURITY
This video shows that the vital importance of cybersecurity has risen to the highest levels of the political agendas in Washington, D.C.
We all need to do more, and the federal cyber leadership team is pointing the way at the moment.
