The Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the National Cyber Director (ONCD) have published a new guide to help federal agencies and state and local governments strengthen the cybersecurity of grant-funded infrastructure projects. The 75-page playbook provides templates, models, and recommendations to better prioritize cybersecurity tools throughout the grant management lifecycle. “As organizations seek to take advantage of historic infrastructure grants, it’s critical to ensure the security and resilience of this next generation of American infrastructure in every community across our nation,” said CISA Director Jen Easterly in a press release.
The guidance targets 16 critical infrastructure sectors, including energy, communications, information technology, transportation, and water utilities. These assets are considered so vital to the United States that attacks could have cascading effects on national security, public health, and safety. National Cyber Director Harry Coker Jr.
called cyberattacks on power grids, communication systems, transportation networks, ports, and other critical infrastructure “the new geopolitical weapon,” because the attacks are often linked to foreign nations.
Strengthening grant-funded project security
“As we make investments in rebuilding and updating our infrastructure through funding such as made available from the Investing in America agenda, we have the opportunity and obligation to build in cybersecurity by design.
We need infrastructure projects to be shovel ready and cyber ready,” he said. The guide recommends federal grant managers incorporate cybersecurity throughout the grant management lifecycle, such as by including specific language in their notices of funding opportunity and terms and conditions. It also includes templates for applicants to use when creating their cyber risk assessments and project cybersecurity plans, and lists cybersecurity resources available to state and local grant recipients.
Many state, local, tribal, and territorial governments are the first line of defense against cybercriminals seeking to disrupt the operations of critical infrastructure, but they’re often short of cybersecurity funds. The guidance released aims to serve as a resource to help partners and recipients build cybersecurity into infrastructure projects from the beginning. The playbook builds on existing strategies to improve the security and resilience of the nation’s critical infrastructure.
It follows an earlier resource released over the summer aimed at improving the security of critical infrastructure, which included processes and tabletop exercises to help the public and private sectors minimize the effects of cyberattacks, reduce the risk of disruption to critical services, and minimize system restoration costs.
Rashan is a seasoned technology journalist and visionary leader serving as the Editor-in-Chief of DevX.com, a leading online publication focused on software development, programming languages, and emerging technologies. With his deep expertise in the tech industry and her passion for empowering developers, Rashan has transformed DevX.com into a vibrant hub of knowledge and innovation. Reach out to Rashan at [email protected]
