- $20 billion in the American Jobs Plan for investments in local and state cybersecurity modernization.
- $1 billion toward the GSA information Technology Modernization Fund (TMF) through 2025.
- $650 million for CISA through 2023 to modernize its cybersecurity risk mitigation mechanisms, notably the National Cybersecurity Protection System, EINSTEIN, and the Continuous Diagnostics and Mitigation program.
- $200 million for the U.S. Digital Service through 2024.
- $150 million for the Federal Citizen Services Fund through 2024.
- These funding levels fall short of President Biden’s initial proposal for $10 billion in cybersecurity.
Enhancing Accountability and Multi-stakeholder Collaboration
- Executive Order on America’s Supply Chains: This executive order is closely aligned with the administration’s economic competitiveness policy priority. In June 2021, the administration announced the findings of its 100-day review on how to strengthen critical supply chains of medicines, batteries, minerals, and semiconductors.
- Executive Order on Improving the Nation’s Cybersecurity: This executive order mandates a minimum cybersecurity standard for all software procured by the federal government and notably calls for enhancing software supply chain security. It also establishes a Cyber Safety Review Board, which will serve as the primary method for coordinating between and among federal agencies in response to a significant cyber incident. The Board’s establishment comes following the Colonial Pipeline incident, where the company did not notify CISA of the ransomware attack but did notify the FBI. Secretary of Homeland Security Alejandro Mayorkas, in consultation with Attorney General Merrick Garland, will manage the board and the execution of the recommendations provided by it.
- Existing forums at the national level for cooperation include the Critical Infrastructure Partnership Advisory Council, InfraGard, the Digital Connectivity and Cybersecurity Partnership (DCCP), and the Biennial National Cyber Exercise, among others.
Notable Cyber Legislation in Congress
- Cyber Diplomacy Act: The U.S. House of Representatives Committee on Foreign Affairs passed a bill in April 2021 requiring the Department of State to develop a strategy for promoting norms in cyberspace, create a cyber-diplomacy ambassador role, and establish a Bureau of International Cyberspace Policy. The goal of the act is to cultivate stronger partnerships between the U.S. and its allies to combat cyberattacks and address cybersecurity with “a unified approach.”
- Endless Frontiers Act: A bipartisan, bicameral piece of legislation that seeks to invest in U.S. domestic technology and cybersecurity education and manufacturing, and in the establishment of a new Supply Chain Resiliency and Crisis Response Program with the mission of strengthening critical technology supply chains in the U.S. and with allies and partners.
- Strategic Competition Act: In June 2021, the Strategic Competition Act was passed by Congress. The act focuses on U.S.-China relations with a goal of strengthening American competitiveness via investments in science and technology, global infrastructure development, digital connectivity, and cybersecurity partnerships to counter Chinese influence.
- Federal Breach Notification Bill: The Senate has drafted legislation that would require federal agencies, contractors, and businesses that have oversight of critical infrastructure to report significant cyberthreats to CISA within 24 hours of discovery. Security experts warn that the notification deadline would not give organizations enough time to fully assess the severity of an attack and that the lack of specificity in the request will make it difficult for the private sector to parse out what constitutes a “significant cyberthreat” and when to notify CISA that such an event has occurred.