Skip links

Key Cybersecurity Initiatives Within the New Infrastructure Bill

Improving State and Local Government Cyber Resilience  

Cyberattacks and ransomware plague the state and local governments and cost taxpayers billions of dollars. Cyberattacks cost organizations about $18.88 billion in recovery costs and downtime in 2020, and municipal governments were subject to 45% of ransomware attacks in the past 12 months. That is why the recent Infrastructure bill is so important in assisting agencies at all state and local government levels with funding their cybersecurity. 

Passed by the House of Representatives the evening of November 5th and signed into law the next day,  the $1.2 trillion Infrastructure bill (H.R. 3684) has a significant cybersecurity component. The bill authorizes $1.9 billion in spending for specific cybersecurity initiatives and moves state and local governments toward improving cyber resilience. 

We’ve combed through the bill’s 2,700-pages to outline key cybersecurity initiatives and what it means for your agencies and constituents. 

Supporting Cybersecurity Projects Even for Rural Areas   

The bill designates $1 billion over four years for the State, Local, Tribal, and Territorial (SLTT) grant program. It provides federal cybersecurity assistance, and these grants stipulate at least 80% to local governments and 25% of that earmarked for rural areas.  

Funding for rural areas provides some overdue and badly needed support to upgrade power infrastructure, improve drinking water, and connect rural communities with upgrading bridges and roads.  

Protecting Critical and Vulnerable Infrastructure From Cyberattacks 

A $250 million grant program provides aid in protecting critical infrastructure from cyberattacks.  The Rural and Municipal Utility Advanced Cybersecurity Grant and Technical Assistance Program awards will help utilities safeguard against and respond to cybersecurity threats. States and cities must precisely outline how they plan to spend the grant money to the Cybersecurity and Infrastructure Security Agency (CISA) and put up matching money. 

FEMA will administer the grant program taking advantage of their existing grant systems and expertise, with CISA providing cybersecurity subject matter expertise. 

Protection for Our Vital Resource: Water  

The bill also establishes a Clean Water Infrastructure Resilience and Sustainability program. Over five years, it authorizes $75 million total for the EPA to create a competitive grant pilot program providing state and local governments with funds to increase the resilience of publicly owned treatment works to a natural hazard or a cybersecurity threat. 

In addition, the bill establishes the Midsize and Large Drinking Water System Infrastructure Resilience and Sustainability Program. This program awards grants totaling $50 million per year for five years to increase the resilience of midsize and large water systems against natural hazards, cybersecurity threats, and extreme weather events.  

Emergency funding is now available to respond to digital attacks on public water systems. It makes grants available to help critical water systems to increase their ability to deal with cyberattacks, natural hazards, and extreme weather. 

One provision within the bill tasks the CISA with developing a list of public water systems deemed vulnerable to a cyberattack. They will then create a plan to provide voluntary technical and cybersecurity support to those public water systems. 

An amendment to the Safe Drinking Water Act specifies that the EPA Administrator will provide technical assistance and grants to states to help them in emergencies stemming from cybersecurity events. 

Lastly, it directs the EPA and CISA to develop a “prioritization framework” for identifying public water systems susceptible to cyberattacks. 

Keeping Our Energy Grids Secure 

The Department of Energy (DOE) receives an additional $550 million for cybersecurity, energy security, and emergency response. It includes designating $250 million for a DOE program providing grants to rural and municipal utilities. In addition, $350 million for enhancing grid security. 

The bill requires the creation of three DOE programs to design cybersecurity applications and technology for the energy sector, enhance the department’s emergency response capabilities, and increase energy operations in the face of cyber threats and hazards. DOE was awarded $50 million for the first program and $50 million for the second program. 

Improving Response to Cyberattacks 

Allowing the federal government to coordinate its response to significant hacks better, $21 million in funding is earmarked to stand up a new National Cyber Director’s office. It also creates a $100 million Response and Recovery Fund for the DHS to support both private companies and governments’ recoveries from cyberattacks. 

The CISA receives $35 million to invest in sector risk management, while DHS’s Science and Technology Directorate gets more than $150 million over five years to invest in cybersecurity and technological research. 

The bill directs the Federal Highway Administration to create a new tool within two years to help transportation authorities better identify, detect, protect against, respond to and recover from cyber incidents. In addition, the DOT must implement the Government Accountability Office cybersecurity recommendations within three years. 

As You Develop a Cybersecurity Plan, Why Select Acronis SCS Cyber Protect Cloud?    

With the vital funding necessary to protect state or local government from cyberattacks, you need to develop a plan and invest wisely. So why select Acronis SCS Cyber Protect Cloud? Our cloud solution is a FIPS 140-2 certified, HIPAA compliant, and CJIS verified solution for the US public sector. The gaps that it addresses promptly in the public sector mainly stem from the prevalence of legacy IT systems and lack of network visibility. The solution comes with a fully integrated, comprehensive, and cross-functional mix of cyber and data protection tools. All relevant endpoint security and endpoint protection management is possible from a singular user-friendly management console. The FIPS 140-2 certification ensures the highest grade data encryption, which is compliant with the requirements of the Federal Government. HIPAA compliance also guarantees the highest levels of data confidentiality and integrity standards. In addition, Acronis SCS is all about being US-based. Our support and data centers are located 100% in the US, and all our employees are US citizens.  

The full suite of features offered in Acronis SCS Cyber Protect Cloud ensures your organization is equipped with safe and reliable backup, protection from ransomware, and the ability to sync and share files seamlessly. The way we offer our services is flexible and easy to use. It comes with mix and match functionalities, plug and play capabilities and pay as you go pricing. As a subscription-based model, Acronis SCS Cyber Protect Cloud offers flexible licensing models. The monthly pay-as-you-go model reduces your up-front investment providing cost savings and easier budgeting.  

Procure Your Cybersecurity Solution Through Our MSP Partners 

Now is the perfect time for MSPs to assist state and local governments in navigating their options to maximize the funding they receive, including filling the gaps where IT staffing is an issue.  We partner with MSPs to provide revolutionary and certified cloud backup and security solutions purpose-built to protect the US public sector’s most targeted environments. At Acronis SCS, the US public sector is our #1 priority, enabling MSPs to avoid compliance delays and focus on the needs of the organizations we serve. 

Contact us today to learn more about how to invest your funding from the Infrastructure bill wisely. Acronis SCS and our dedicated MSP partners can help you get #CyberFit.  

Connect With an MSP in Your Area
Partner With Us to Help State/Local Governments