The future of American infrastructure relies on secure and resilient systems, and cybersecurity is at the heart of this transformation. In a landmark collaboration, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the National Cyber Director (ONCD) have released a playbook designed to help federal grant programs incorporate cybersecurity into their infrastructure projects. With critical funding being allocated for infrastructure updates, ensuring these systems are cyber-ready is essential for the nation’s security.
This newly released guide offers valuable tools and resources to grant-making agencies, state and local governments, and project recipients, empowering them to integrate robust cybersecurity measures into their grant-funded infrastructure projects. Let’s take a closer look at the guide’s objectives and how it aligns with the national effort to fortify the country’s critical infrastructure.
Why This Guide Matters for Cybersecurity and Infrastructure
With the historic investments made through the Infrastructure Investment and Jobs Act (IIJA), Inflation Reduction Act (IRA), and the CHIPS and Science Act, there’s a unique opportunity for the U.S. to build cyber resilience into its next generation of infrastructure. These federal grants offer essential funding for infrastructure projects, but without the proper cybersecurity measures, they leave critical systems vulnerable to cyber threats.
To address this, the CISA and ONCD Playbook for Strengthening Cybersecurity in Federal Grant Programs provides actionable guidance that will help agencies incorporate cybersecurity into the entire lifecycle of grant programs. The playbook ensures that cybersecurity is not an afterthought but an integral part of the process, from grant application to project completion.
What’s Included in the Playbook?
The new guide provides tools and resources to ensure grant recipients are able to meet cybersecurity requirements effectively. Here’s what the playbook includes:
- Recommended Actions: The guide outlines the steps that grant-making agencies can take to integrate cybersecurity throughout the grant management lifecycle, ensuring that recipients understand the importance of securing their infrastructure from the start.
- Model Language for NOFOs and Terms & Conditions: Grant program managers can utilize model language to include cybersecurity requirements in Notices of Funding Opportunity (NOFOs) and Terms & Conditions, helping align recipients’ projects with national cybersecurity standards.
- Templates for Cyber Risk Assessment: The playbook includes templates that recipients can use to develop a Cyber Risk Assessment and a Project Cybersecurity Plan, which are crucial steps in identifying vulnerabilities and building secure systems.
- Comprehensive Cybersecurity Resources: A list of cybersecurity resources is provided, enabling grant recipients to access the support they need throughout the project execution process. This ensures they are equipped with the tools necessary for securing their infrastructure.
Building Cybersecurity by Design
In her statement, Jen Easterly, CISA Director, emphasized the critical importance of securing the nation’s infrastructure: “As organizations seek to take advantage of historic infrastructure grants, it’s critical to ensure the security and resilience of this next generation of American infrastructure in every community across our nation.”
Similarly, Harry Coker Jr., White House National Cyber Director, highlighted the need for cybersecurity to be a foundational aspect of infrastructure development: “We need infrastructure projects to be shovel ready and cyber ready,” he said. “That’s why we’re proud that the guidance released today will serve as a helpful resource to help our partners and recipients build cybersecurity into infrastructure projects from the beginning.”
Flexible and Minimal Burden on the Grant Process
The playbook’s design allows for flexibility, making it easier for grant recipients to integrate cybersecurity best practices without overburdening the grant process. The goal is to create cyber-secure infrastructure with minimal disruption to the federal funding process, which means that cybersecurity measures are embedded into the system from the start.
How Can Isogent Help?
At Isogent, we understand the complexities of securing critical infrastructure and how cybersecurity must be integrated into the entire project lifecycle. As companies and governments prepare to apply for federal grants for infrastructure projects, Isogent is here to help by providing cybersecurity services that align with these new guidelines.
From risk assessments to cybersecurity planning and implementation, Isogent’s expertise ensures that infrastructure projects are not only funded but also secure. By working with Isogent, clients can meet these new federal guidelines, protect their data, and build cyber-resilient infrastructure that withstands evolving threats.
