Cybersecurity Opportunities within the Infrastructure Investment and Jobs Act

By Gabrielle Perea, Senior Market Intelligence Analyst

With the signing into law of the Infrastructure Investment and Jobs Act, significant funding has been allocated in support of highways, highway safety, and transit programs, including cybersecurity provisions. Cybersecurity providers have a significant opportunity to position their offerings as tools to help with cybersecurity provisions and opportunities detailed in the IIJA.

The IIJA provides $1.9 billion for cybersecurity, with a $1 billion grant program to assist state, local, and tribal governments to guard against cyberthreats and modernize systems, especially critical infrastructure. These funds will be disbursed by the Federal Emergency Management Agency over the course of 4 years, beginning in 2022, with disbursement guided by the Cybersecurity and Infrastructure Security Agency.

The Department of Transportation will be responsible to the General Accountability Office for several reports and recommendations related to cybersecurity. Within 18 months, the DOT must deliver a report to GAO that looks at how the Department manages systems and information cybersecurity.

Within three years, the DOT must develop a cybersecurity risk management strategy for agency systems and information, with updated policies to govern organization-wide risk assessments. These updates must ensure coordination between cybersecurity risk management functions and enterprise risk management functions.

Beyond these reporting responsibilities, the IIJA addresses a number of cybersecurity priorities, including the development of the Energy Cyber Sense Program, providing incentives for advanced cybersecurity technology investment, and cybersecurity planning, among others.

Energy Cyber Sense Program

The Energy Cyber Sense program will establish a testing process for cybersecurity of products and technologies in the energy sector, including industrial control systems and operational technologies such as supervisory control and data acquisition systems. It also establishes and maintains cybersecurity vulnerability reporting processes and an integrated federal vulnerability coordination process database.

The program will help electric utilities, product manufacturers, and other energy sector stakeholders develop solutions to mitigate cybersecurity vulnerabilities in products and technologies.

Solutions will be reviewed every two years for cybersecurity vulnerabilities, with focus on response and mitigation of cyber threats

Incentive for Cybersecurity Investments

The IIJA supports assets that can enhance the security posture of public utilities by improving their ability to protect against, detect, respond to or recover from a cybersecurity threat.

Cybersecurity Planning

This very abbreviated overview of IIJA demonstrates that there are significant opportunities for companies offering cybersecurity risk assessment and risk management solutions, as well as tools to address or mitigate threats as they are identified.

As work begins on the reports required by the DOT, it is prudent to begin product delivery and alignment and best exploit these emerging opportunities.

Keep on top of the latest trends in government IT. Subscribe to immixGroup’s Government Sales Insider blog now!

Want to know more about how your team can pursue opportunities created by this legislation? Learn more about immixGroup’s Market Intelligence capabilities here.