The amount of funding that government agencies at the Federal, state and local level that can be devoted to cybersecurity is about to substantially increase. A $1 trillion infrastructure bill includes nearly $2 billion for cybersecurity and other related functions.
Specifically, a Federal Emergency Management Agency (FEMA) cyber grant program being administered in collaboration the Cybersecurity and Infrastructure Security Agency (CISA) , will lead to $1 billion being distributed over four years to state and local governments.
In addition, $21 million is being allocated to the Office of the National Cyber Director to fill open positions after funding began to run short earlier this year and allocates $100 million for a Cyber Response and Recovery Fund over the next five years that CISA will use to coordinate both Federal and non-federal response efforts to a major cyberattack.
More than half a billion dollars of the funds are dedicated to improving protection of the energy grid that includes $250 million allocated for the Rural and Municipal Utility Advanced Cybersecurity Grant and Technological Assistance Program.
Federal funding for cybersecurity initiatives may also get another boost if the Build Back Better bill gets approved by the U.S. senate. That legislation includes about $500 million set aside for cybersecurity projects.
Like most organizations, government agencies will need to strike a balance between trying to recruit cybersecurity talent and investing in automation and artificial intelligence (AI) to augment their cybersecurity teams. Given the general shortage of cybersecurity expertise available many agencies are not likely to be able to fill many of the job postings they are about to make. As such, they like other organizations will have to rely more on the tools and platforms being made available to enable smaller teams of cybersecurity experts to make up for what they lack in numbers.
In smaller agencies, however, there usually isn’t a security team at all. Many agencies simply have a handful of IT professionals that in the advent of a security incident will look to help from CISA. Hopefully, that assistance will be focused on helping to prevent breaches rather than only helping to clean up the mess after a breach has occurred.
The challenge government agencies face is that in addition to being targets for ransomware attacks much like any other entity they also tend to attract the attention of cybercriminals acting on behalf of nation states intent upon disrupting everything from elections to the water supply. The IT professionals that are expected to defend the integrity of the systems are outclassed by nation states that spend lavishly on training individuals on how to engage in cyberespionage in addition to hiring cybercriminals that make their services available on a contract basis.
Ultimately, there’s no direct correlation between the amount of money being spent and the level of cybersecurity achieved. However, in the absence of funding it quickly becomes apparent that the best and the brightest are migrating toward organizations where they can command a higher salary. That doesn’t mean agencies won’t be able to hire the talent they require. There are a lot of individuals that for a variety of reasons prefer to work in the government sector. However, everyone in cybersecurity knows it may still be years before the funding being made available now has a meaningful impact on improving the overall state of security at either the Federal and local level.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.