Cybersecurity takes a backseat in President Biden’s proposed $2.25 trillion infrastructure package with no money allocated to defend the country from cyberattacks on critical infrastructure targets, analysis shows.
Considering the proposal, which is unlikely to garner bipartisan support, calls for roughly $100 billion to create new jobs and develop more clean electricity, the White House has doubtless set itself up for some hefty criticism from legislators for its absence of additional cybersecurity-designated funding.
On the upside: $650 million was included in the recent COVID-19 relief legislation to support the Cybersecurity and Infrastructure Security Agency (CISA), and Biden reportedly will soon sign an executive order that is said to include about a dozen actions to improve federal cybersecurity.
U.S. Cybersecurity Budget Concerns
Still, those moves may fall short of cyber needs. Acting CISA Director Brandon Wales recently said that the $650 million won’t be enough to guard against current and prepare for future threats, calling it in testimony to the House Appropriations Homeland Security Subcommittee a “down payment.”
And, Jim Cunningham, the executive director of Protect Our Power, told The Hill that “the grid is attacked millions of times per day.” The organization is pressing the Biden administration and Congress to invest between $20 billion and $25 billion to secure it. “I think it is absolutely an essential part of any infrastructure plan,” Cunningham reportedly said.
Fresh warnings of the electric grid’s vulnerability has illuminated the lack of funds in the infrastructure bill, with the recent extended and destructive weather-induced outage in Texas the latest example of what disruption a break can bring. That one wasn’t caused by hackers but gave vivid proof of what can happen should foreign adversaries attack the grid.
U.S. Electric Grid: Cybersecurity Concerns, Next Steps
Indeed, the U.S. electrical grid’s distribution systems, which carry electricity from transmission systems to consumers, are vulnerable to cyber attacks that could result in extensive power outages, the U.S. Government Accountability Office (GAO) said in a new report. While the Department of Energy (DoE) has developed plans to implement the government’s national cybersecurity strategy for the electricity grid, those plans do not fully address risks to the grid’s distribution systems, such as vulnerabilities related to supply chains, the GAO said.
However, the DoE is finalizing a new plan to collaborate with the utility industry to identify and mitigate threats to the energy grid, Bloomberg reported. Energy Secretary Jennifer Granholm and other administration officials are said to have briefed industry executives on the plan, which would extend to distribution systems controls in other critical infrastructure sectors such as natural gas, water and chemicals, the report said. The White House "is committed to safeguarding the cybersecurity of U.S. critical infrastructure from persistent and sophisticated threats” and has launched a 100 Day Control Systems cybersecurity initiative, a National Security Council spokesperson told The Hill.
DHS will lead the country’s cybersecurity efforts by strengthening ties with the private sector, directing more funding to build out cybersecurity infrastructure, and hiring personnel to enact a whole-of-government approach to defending against hackers, the agency’s newly installed Secretary Alejandro Mayorkas said in March 2021.
Should a newly introduced bill pass be signed into law, CISA would have more responsibility to protect industrial controls systems from cyber attacks. The bipartisan DHS Industrial Control Systems Enhancement Act, which amends the Homeland Security Act of 2002, gives CISA the responsibility to “maintain capabilities” to identify threats to industrial control systems, according to the measure’s text.
Budget Question Marks Amid Bipartisan Support
Both Congressional chambers want vulnerabilities in the electric grid addressed, The Hill reported. “The reliability and resilience of the electric grid is critical to the economic and national security of the United States,” Sens. James Risch (R-ID) and Angus King (I-ME), among a group of other lawmakers, last month wrote in a letter to Granholm. “There is strong bipartisan agreement that protecting the electric grid and other critical infrastructure is of paramount importance and must be a key component of any plan,” Risch said.
MSSP Alert tracks U.S. cybersecurity strategy under the Biden administration with updates on executive orders, legislation and leadership across DHS, CISA, the DoD and other agencies.