The $1 trillion infrastructure bill is now law, and it includes a boost for cybersecurity. What will the infrastructure bill mean for cybersecurity and your business? Many businesses think what happens in Washington, DC (my home area, by the way) won’t have a real effect on their businesses. But when it comes to putting
So, what’s in the law that will affect your business? If you’re not intimately familiar with NIST, it’s time to start doing some research. The NIST (National Institute of Standards and Technology) framework for cybersecurity is THE framework: Identify > Protect > Detect > Respond > Recover. This framework is going to be a requirement for all government agencies and their subcontractors. Word on the street is that those contractors are turning around and pushing the requirement on their subs.
What’s In The Bill For Business
In addition to the NIST framework, here are some aspects that may affect your business.
- There is $1 billion allocated for “local” governments to update their IT infrastructure and implement NIST. This will help put a layer of protection out there, but your team will need to implement these same measures internally.
- Has this supply chain trainwreck impacted your business? This law has $100 million over five years to create a cyber response recovery (i.e. NIST “recover”) fund to help critical infrastructure businesses in the private sector survive an incident. While your business may not be a critical infrastructure business, your supply chain likely depends on one.
- The Office of the National Cyber Director gets $21 million to staff that office. What is measured gets managed, right? It’s good to have a dedicated team with eyes on the cyber playing field.
- With a shortage of cybersecurity talent, businesses have a hard time keeping security staffed up. While there is no direct help in this law, it is setting up the playing field to reinforce “cybersecurity” as a career. Of course, most businesses choose to hire outside consultants for cybersecurity.
- Data center providers are required to improve security. That means your SaaS and cloud applications will get a boost in cybersecurity.
- If you do business in IT with local government, this is an opportunity to leverage your cybersecurity services to help them bring their framework up to date.
When I went through school to get my MBA, it was right after the big Enron scandal. My school decided not to offer an ethics class. Instead, they made ethics a component of EVERY course. That was the right way to approach it. In my opinion, that’s where we are today with cybersecurity. It needs to be part of every department or team in a business, on every meeting agenda, as part of your larger plan. And this infrastructure bill just set the standard for our country.