Senate lawmakers have passed a $1 trillion bipartisan infrastructure spending bill, which if enacted, would provide funding a range of new federal cybersecurity funding measures.
Among the proposals included in the draft legislation is a $100 million fund for responding to and recovering from cyberattacks, and $21 million in funding for recruitment at the recently formed Office of the National Cyber Director (NCD).
The legislation now progresses to the House of Representatives, where it will be debated – and potentially amended by – lawmakers.
In its current form, the bill would give the Cybersecurity and Infrastructure Security Agency a new authority to declare a significant cybersecurity incident in coordination with the Department of Homeland Security. Such a declaration would give the DHS secretary access to the $100 million recovery fund. CISA would then have responsibility for managing the federal and non-federal response to such an attack — a measure that is intended to assist in the future response to digital security breaches such as the Colonial Pipeline hack in May.
The proposed $21 million included in the bill text gives NCD the budget to hire new cybersecurity staff, an issue that remains a major concern for federal officials in a tight labor market.
Progress of the infrastructure bill through the Senate was obstructed by disagreement over amendments, including the proposed introduction of new cryptocurrency reporting requirements. Lawmakers Tuesday morning voted 69-30 to approve the bill.
Other amendments that fell away before the bill progressed included a proposal by Senate Appropriations Committee ranking member Richard Shelby, R-Ala., which could have provided $2.5 billion for the rollout of 5G wireless technology at Department of Defense facilities.
Commenting on the passage of the bill, Sen. Gary Peters, D-Mich., said: “These provisions will help strengthen cybersecurity at every level of government, protect sensitive personal information, and strengthen our response to online assaults by providing the federal government and other public and private entities, such as critical infrastructure companies, with the resources to prevent and recover from attacks.”