Securing Our Nation: How the Infrastructure Investment and Jobs Act Delivers on Cyber Resiliency

Designed to improve our nation’s critical infrastructure, the act — one of the largest federally funded grant programs in history — provides significant funding to improve your cybersecurity posture so you can focus on delivering services to your communities

Attacks and intrusions on our nation’s vital infrastructure — our electrical grid, water systems, ports and oil supply — are on the rise. For example, as reported by the Pew Charitable Trust in March 2021, hackers changed the chemical mixture of the water supply in Oldsmar, Fla., increasing by 100 times the level of sodium hydroxide (lye) in the water supply. In June 2021, Reuters published an article about how poor cyber hygiene, ineffective cybersecurity practices and the danger of stolen credentials impacted millions of people when a cyberattack interrupted the flow of fuel on the East Coast of the United States. As we hyperconnect our cities and communities, security must be at the forefront of every plan and design.

Recognizing the required investment in the United States, Congress passed the Infrastructure Investment and Jobs Act (IIJA) in November 2021. The IIJA authorizes roughly $1 trillion USD in funding for a number of initiatives that include improving our highways, repairing bridges, creating smart cities, studying the effects of climate change, developing new clean energy technology and both improving and hardening our electrical and water utilities.

For anyone who’s not accustomed to reading legislation, 1,000 pages of complex legislation can be intimidating. States and large cities, as well as larger businesses supporting critical infrastructure, may have entire divisions or established working groups dedicated to understanding and pursuing this and other grant programs. I can only imagine there are numerous small and medium-sized companies, as well as local and tribal governments who, like me, have little experience in taking advantage of the incredible funding opportunities in this and other grants across the federal government.

Here, I will identify some parts of the IIJA your organization may be able to take advantage of.  Whether you have people who work with federal grant funding, or not, awareness of this capability to make up for budget shortfalls while building our critical infrastructure is important.  We created an easy-to-read document that outlines cybersecurity-specific sections of the Act and the CrowdStrike solution in our “How CrowdStrike Supports the IIJA” white paper.

Key IIJA Cybersecurity Funding Provisions

Key provisions of the IIJA provide funds to federal agencies and state, local, tribal and territorial governments, as well as public and private utility and transportation entities, to implement cybersecurity solutions that promote stronger cybersecurity resilience and the ability to assess, detect, identify, mitigate and respond to cyber threats today and into the future.

In particular, the IIJA calls out the U.S. Department of Transportation (DOT), Department of Energy (DOE), Department of Homeland Security (DHS) and Environmental Protection Agency (EPA) for specified cybersecurity funding. Within these provisions, the federal government will provide $3.5 billion USD for key projects that include requirements to improve cybersecurity posture and resiliency, promote intelligence sharing and respond to attacks. 

DHS: Layering Our Defenses and Coordinating Our Response

The Cyber Response and Recovery Act and the new State and Local Cybersecurity Grant Program provide over $1.1 billion USD to state, local, tribal and territorial governments including public-private partnerships. These funds are available for seven and five years, respectively, and seek to address cyber risks and threats by supporting threat hunting, network protection and the replacement and modernization of tools and systems. The Cybersecurity Infrastructure Security Agency (CISA), a component agency of DHS, is tasked with defending the infrastructure of the internet and improving its resilience and security for the nation. Each organization must submit its cybersecurity plan when applying for grant funding and, in the case of the State and Local Cybersecurity Grant Program, successful applicants will receive up to 90% of required funding for the first year. 

DOT: Improving and Securing Our Roads, Bridges and Ports 

As the U.S. transportation system’s networks evolve into a hyperconnected mesh of data and information to make them more efficient, their attack surface exponentially increases. The IIJA directs two specific programs under the DOT to strengthen the cybersecurity posture of the transportation system. The Strengthening Mobility and Revolutionizing Transportation (SMART) grant provides $500 million USD over five years to state, local and tribal governments, and public toll authority and metropolitan planning agencies, to ensure the security of smart cities by implementing cybersecurity best practices. The second program, Advanced Research Projects Agency-Infrastructure (ARPA-I), provides unspecified funding for the advancement of cybersecurity technology solutions that promote the resiliency of roads, highways, bridges, airports, seaports and railways against cyberattacks.

DOE: Keeping the Lights On

The resiliency of the U.S. electrical and power system is critical to national security. Recent years have shown how delicate the grid is, and our adversaries have demonstrated they are adept at attacking power grids. Seven programs provide over $1 billion USD in investment funding to secure research, modernization and resiliency in the energy sector and electrical grid. These projects include maturity models and threat assessments, protection, detection, response and recovery from cyber threats to pilot projects to gain experience with new cyber technology. Each of these provides state, local, tribal and territorial governments, as well as public and private electrical utility companies, with the ability to harden and improve their network defenses, expand cyber defense capabilities and capacity, and gain a clear understanding of their environment and the efficacy of their cybersecurity plans. 

EPA: Ensuring Our Drinking Water Is Safe and Sewers Keep Flowing 

With two programs valued at $375 million USD over five years, the EPA’s Midsize and Large Drinking Water System Infrastructure Resilience and Sustainability Program, and the Clean Water Infrastructure Resiliency and Sustainability Program, seek to improve the resiliency of the nation’s water system. This section of the IIJA directs public and private water providers and state and local governments to develop and implement projects that reduce the cybersecurity vulnerabilities of water systems in communities across the United States. 

The CrowdStrike Mission: We Stop Breaches

The integrated CrowdStrike security platform provides governments and organizations with the optimal solution to protect and defend their environments while taking advantage of IIJA funding. We offer endpoint protection capabilities plus a 24/7/365 managed services offering designed to augment teams that may not be staffed to support immediate response — solution attributes that are specifically mentioned in numerous sections of the IIJA. And with over a decade of proven performance in preventing breaches and ensuring resiliency of small, medium and large corporations and governments worldwide, CrowdStrike is the clear choice for securing our critical infrastructure and your valuable data during a cyberattack or intrusion.

In addition, CrowdStrike has a robust team of threat advisors and intelligence experts ensure the rapid flow of threat and adversary contextual information, increasing the strategic impact of information across your environment. Recognizing that 80% of attacks in 2021 were identity-based, CrowdStrike now offers the industry’s first fully managed identity threat protection solution delivering identity threat prevention and IT policy enforcement so that IT and security teams can sleep better at night.  In many cases the adversary manages to bypass standard security measures using valid, stolen credentials. Organizations are now demanding these integrated capabilities where services are delivered through a single, lightweight sensor implemented in on-premises, hybrid and cloud environments.  Ultimately there is a need to provide immediate protection, decreasing risk while allowing clients to focus on providing their core services and products.

The CrowdStrike Falcon®® platform provides an increasingly expansive ecosystem of protection capabilities, from endpoint and cloud security, to threat intelligence, identity protection and IT operations. CrowdStrike’s open ecosystem and growing list of industry-leading partnerships enhances and extends our powerful protection across critical areas like operational technology (OT), Internet of Things (IoT) network security and more, empowering forward-leaning organizations to take advantage of the funding in the IIJA. Our integrated Falcon platform capabilities and extended security ecosystem accessible via the CrowdStrike Store provide answers to the challenges and gaps outlined in the IIJA.

Are you interested in learning more about how CrowdStrike can assist you in your journey and help get the funding you need? Now is the time to take advantage of this opportunity. Adversaries will not wait — and neither should you. Whether you provide electricity to local communities, are responsible for designing and building our nation’s bridges and roads, or serve our citizens in local, state or tribal governments, we are here to help. Schedule a meeting with one of our professionals to learn more about how we can help you harden your network and improve your cyber resiliency.

Additional Resources

Related Content