Nathan Coppinger

Updated: 10/11/2021

The INVEST in America Act, which Congress is seeking to pass, provides nearly two billion dollars in funding to enhance the nation’s cybersecurity.

Who should care?

• State, local, and tribal governments.
  • $1 billion in funding over four years to address cybersecurity risks
• Federal agencies.
  • $21 million to fund the office of the new National Cyber Director
  • $20 million annually to fund the Cyber Response & Recovery Fund through 2028
• Power, water, and infrastructure companies.
  • $600 million in funding for smart grid cybersecurity R&D
  • $375 million in funding for more secure water systems

The continuing onslaught of devastating data breaches has put pressure on the United States Government and the Biden administration to rapidly upgrade the nation’s critical infrastructure defenses.

Over the last year, multiple federal agencies and governmental bodies have released statements, guidance, and recommendations outlining how organizations in both the public and private sectors should improve and modernize their cybersecurity infrastructure and defenses to protect against ransomware.

What is the INVEST in America Act?

The “Investing in a New Vision for the Environment and Surface Transportation in America Act” or “INVEST in America Act” is a proposed spending bill that invests billions in funding over the next five years towards securing and modernizing State, Local, and Tribal governments, and U.S. infrastructure such as mass transit (Amtrak and DOT), water, power, green technologies, and other similar projects.

With high-profile ransomware attacks proving that core aspects of America’s infrastructure can be brought to a screeching halt with a single attack, portions of this bill set out to ensure that organizations responsible for core infrastructure are well prepared to prevent similar incidents from happening again.

To achieve this, this bill includes nearly two billion dollars of funding earmarked for helping organizations improve their cybersecurity posture and harden their defenses.

Along with direct funding, INVEST in America makes cybersecurity efforts such as the employment of forensic consultants, cybersecurity experts, and third-party pen testers eligible expenses under the Mobility Through Advanced Technologies (MTAT) program. (source)

Cybersecurity funds for State, Local, Municipal, and Tribal governments

This bill establishes a National Cyber Resilience Assistance fund and allocates around a billion dollars in funding to modernize and harden the nation’s cybersecurity ecosystem from 2022 to 2026.

These resources are meant to help non-federal governmental bodies detect, respond to, investigate, and recover from ransomware and other cyberthreats.

Previously congress passed the Cyber Response and Recovery Act that enables the Secretary of Homeland Security through CISA and the National Cyber Director to declare a “significant cyber incident” across ALL Federal, State, Local, and Tribal systems.

Through the INVEST in America act, this fund will have millions in funding replenished annually to help prepare for and respond to major cyber incidents.

INVEST in the nation’s cybersecurity

The INVEST in America act requires organizations receiving funding to follow frameworks created by the National Institute of Standards and Technology (NIST).  Compliance with NIST’s frameworks requires organizations to implement strict and robust cybersecurity solutions to reduce risk to their critical data and safeguard individual privacy.

Within two years of receiving funding, administrators must develop a tool to identify, detect, protect against, respond to, and recover from cyber incidents. Organizations will also be required to designate a Cyber Coordinator and establish a structured cybersecurity assessment and development program.

Federal funds received under the INVEST in America Act cannot be used to pay ransoms, so it is essential for organizations to utilize these resources effectively and invest in a holistic cyber security platform to quickly detect cyberthreats and mitigate any potential damage.

INVEST in America’s cybersecurity with Varonis

Varonis’ Data Security Platform can help organizations achieve least privilege and Zero Trust, ensuring that only those that require access to data have it.

With Varonis, you can identify and reduce risk to your sensitive and regulated data and secure your data, apps, and infrastructure against cyberthreats like ransomware.

Varonis can remediate excessive access to data at scale, reducing the blast radius of a potential attack and using automation to get to Zero Trust without years-long projects and manual work.

Our industry-leading UEBA alerting can catch suspicious activity before threats take hold.

Varonis logs a full audit trail of events across Active Directory and core data stores, making it easy to investigate cybersecurity incidents or meet strict compliance requirements.

Try Varonis

Schedule a personalized demo to learn how Varonis can help you secure your most valuable data.