After months of back and forth between Democrats and Republicans in the White House, the U.S. Senate passed a $1.2 trillion bipartisan infrastructure bill, sending the massive package to the U.S. House of Representatives. The federal infrastructure package has set aside $1 billion to create a new grant program to improve the cybersecurity of state, local, tribal, and territorial governments. The grant funding will be distributed by the Department of Homeland Security over a span of four years beginning in 2022.
“The new infrastructure bill that was recently approved by the Senate includes funding for over $1.9 billion for cybersecurity. The cybersecurity funding will aid state and local governments to secure critical infrastructure against cyberattacks. With the increase of recent cyberattacks against critical infrastructure, this funding is very needed and has been highly anticipated. A cyberattack on a state or local government network can put electrical grids, schools, and crucial services in danger. Therefore, it is crucial that the state and local government have the funding to proactively protect the infrastructure against the cyberattacks and protect the data”, said Dr. Bennet Hammer, President of Hammer IT Consulting, Inc.
Prevention or Mitigation?
When it comes to cybersecurity, the weakest links are typically right under our noses. However, the cybersecurity issues are much wider and deeper than that. Cybersecurity continues to make its way up the list of growing concerns that businesses and organizations are facing – mainly driven by compliance factors such as the GDPR. Prevention or mitigation? Can these approaches address cybersecurity issues? Are we seeing other solutions in the market?
“Grants to local governments for cybersecurity are a good thing. It is better to proactively work to secure networks rather than react to breaches. The money is much better spent on prevention rather than mitigation. Mitigation tends to be much more expensive. I hope these grants for local governments are only the start and soon small businesses will have the ability to receive aid to help push them in the right direction to secure private infrastructure across the country. Education alone is very effective and likely one of the least expensive methods to inform the public and private sector on the importance of cybersecurity”, said Joe Cannata of Techsperts, LLC.
Why are Public Entities Targets for Cybercrimes?
More cities are finding themselves fighting off cybercrime – high-profile ransomware attacks are hitting cities. Ransomware attacks result in businesses and organizations coming to a sudden halt as cybercriminals take control of an entire city’s computer systems, demanding thousands or millions of dollars in ransom. Many public entities, hampered by tight budgets and little funding to spend on IT, do not have enough security measures in place to protect themselves from a ransomware attack.
“The grant is great but the knowledge of the internal staff needs to get up to par. The towns and cities are getting crippled by the attacks, but I often find that they have taken their eyes off the ball. Many municipalities are not doing the basic thing necessary, as simple as an annual assessment”, said Ilan Sredni of Palindrome Consulting, who offers IT support in Fort Lauderdale.
“It’s about time the government is taking some action and helping fund the fight against these cyberattacks. However, I feel that 1 billion spread amongst the many governmental agencies is not enough. The fact that Jon Mitchell, the Mayor of New Bedford Mass, who is still recovering from a ransomware attack 2 years ago, stated that his own budget increased over 900% from 50K to over 500K, speaks volumes as to the seriousness of this issue”, said Anthony Buonaspina, BSEE, BSCS, CPACC, CEO and Founder of LI Tech Advisors.
“These public entities have been targets for many years, and centralizing the additional funding necessary for reducing their cybersecurity risk level will definitely help. It’s important to note, as Jon Mitchell, the mayor of New Bedford acknowledged in the video, the city was spending 50K a year on cybersecurity when they needed to be spending 500K a year. It’s a very common problem we have seen again and again, not only in the public sector but also with downward IT budget pressure in the private sector. One of the most common cybersecurity failures for any organization, regardless of size or market sector, is simply a lack of appropriate funding for cybersecurity and disaster recovery”, said Alexander Freund of 4IT.
Taking Action Against Cyberattacks
“We are at war! This cyberwar, however, is being fought on many fronts against cybercriminals who are organized in their attacks and continue to seek out weaknesses in defenses. Currently, each governmental agency is an island unto itself that needs to individually fund and fortify its defenses against these attackers with limited resources. Many of these agencies do not have effective defenses in place and become soft targets for sophisticated cybercriminals”, said Buonaspina.
“According to a report by Emsisoft, in 2019 alone, 966 governmental entities, including healthcare providers and educational establishments, were impacted by ransomware at a cost of $7.5 billion. Emsisoft data shows at least 2,354 US government, healthcare, and schools were impacted by ransomware attacks in 2020. The education sector saw the greatest number of successful attacks with 1,681 schools, colleges, and universities impacted by the threat. Federal, state, and municipal governments and agencies reported 113 successful attacks”, said Buonaspina.
“The government cybersecurity funding is a good step in the right direction for helping defend against cyberattacks, but there needs to be a concerted effort to help governmental agencies strengthen their defenses, but at the same time, an effort needs to be made to find and prosecute cybercriminals. The overall costs of this cyberwar are becoming a major expense that will end up dipping into the pockets of the average taxpayer as a cyber tax. What I see happening in the meantime, is that government agencies are going to need to cut services in order to fund their cybersecurity unless the government continues to come up with large grants for help with these costs”, added Buonaspina.
The addition of cybersecurity funding in the new infrastructure bill reflects a growing bipartisan focus on the issue.