- The U.S. Government is putting $22 billion up for grabs by energy vendors in the country.
- The funding is meant to help these entities replace obsolete systems and improve their cybersecurity resilience.
- This was long overdue and isn’t expected to have immediate effects, but it’s a first step in the right direction.
After the signing of the comprehensive cybersecurity executive order last week, it was time to present an infrastructure plan that would help push the strengthening of cybersecurity forward. This is an important first step that involves $22 billion in grants to help state and local governments upgrade their security in critical infrastructure, modernize their networks and systems, and generally increase their resilience against hackers.
States and local governments will be able to use these financial resources to directly fund standalone cybersecurity solutions or system upgrades. Eligibility will be dependent on a range of things, including policies around the detection and blocking of malicious activity on the operational networks. For entities to take advantage, they need to propose upgrade plans that are in line with modern security, technology, and energy standards.
However, it is important to note that this is merely an indication of the U.S. Government’s intentions right now, as plans like this one aren’t expected to have a fundamental impact any time soon. As Chris Morales, CISO at Netenrich, tells us:
This is all money for future projects that were already in progress or already desirable. They all will take quite some time to complete. And most of the money requires bidding for funds based on proposed projects. Reading between the lines, most of the funding is for hardware and equipment modernization of what is a very vulnerable, fragile, and old utility system. Nothing is going to be corrected in the current systems. Many of the problems we have, and the definition of resilience and adversity in this sense, have a lot to do with the lack of redundant systems or for the systems managing utility operations to adapt to current climates. This is needed but fixing it will take years if not decades.
If we consider ransomware attacks and the key role of the human factor, it becomes clear that replacing severely deprecated systems now will not stop persistent and sophisticated actors. However, it is an important first step and one that was long overdue.
The energy industry in the U.S., and other places in the world, have kept cybersecurity in the back seat for years, thinking about it as an unnecessary cost that gives nothing in return. This mentality is changing now, and the grants proposed by the Biden administration are playing a crucial role in fueling this shift in the industry’s mindset.
In addition to the above, the White House also announced an amount of $650 million to be given to CISA (Cyber Security and Information Security Agency) to help the agency upgrade its response capabilities and the security support services it offers to other critical federal entities in the country.