# Opener

The Hole in Biden’s Infrastructure Plan That Leaves Us All Vulnerable

Published by Axio

Last week President Biden, laid out a $2 trillion proposal to rebuild America. Of this $2 trillion, $100 billion will go to modernizing the power grid, $100 billion to expand broadband access, $100 billion to build new schools, $620 billion for transportation infrastructure, as well as many green initiatives including 500K charging stations and more. But the question is, how well is the plan truly prioritizing cyber risk?

Just recently, in a rare televised appearance Federal Reserve Chairman Jerome Powell emphasized the importance of understanding and preparing for cyber risks. The world evolves, though, and as such “the risks change as well,” Powell said. “And I would say that the risk that we keep our eyes on the most now is cyber risk.” The scenarios in this case involve “a large financial institution” losing the ability to “track payments that it’s making,” Powell said. “Where you would have a part of the financial system come to a halt, or perhaps even a broad part. And so, we spend so much time and energy and money guarding against these things. There are cyber-attacks every day on all major institutions now. That’s a big part of the threat picture in today’s world.”

A recent COVID-19 relief legislation will contribute $650 million to the Cybersecurity and Infrastructure Security Agency (CISA). Biden will also soon be signing an executive order that will fund improvements to federal cybersecurity. We will be monitoring updates closely.

There’s still a lot more to be done to advance America’s cybersecurity posture.  Below we list a few key cyber risk considerations we hope are more clearly addressed as the Rebuild America plan takes shape.

Preparing for Cyber-Attacks on Physical Systems

According to Washington Post, “The electric grid faces millions of attempted intrusions a day, including from foreign adversaries.” The number of attempts has accelerated in the past year and cyber adversaries are not slowing down. In this same article, they warned that successful cyber-attacks can lead to “wide-scale disruption and economic devastation”. With so much at stake, cybersecurity should be a priority within this infrastructure plan.

If the pandemic has shown us anything, it’s how digitally reliant we are as a society. Whether it’s the power grid, telecommunication, education system, transportation or anything else outlined in Biden’s proposal, they have one common denominator – they rely on digital systems. A disruption to their digital system can have physical consequences. OT and IT systems are largely integrated and a disruption to one can be detrimental to the other. Cybersecurity threats are a growing concern, and these potential cyber-attacks aren’t just theoretical anymore.

In February of just this year, we saw the devastating impact from disruptions to the power grid. The people of Texas lost electricity and many lives were put in danger. This event lasted for days and showed all of America, how disruptive any setbacks to the power grid, can be. This power outage lasted for about a week or so but a cyberattack can put the electric grid out for months to maybe even a year.

The unprecedented SolarWinds attack also brought to light the cybersecurity concerns in our supply chain. This incident compromised many government agencies and left many organizations concerned. It’s evident the need for more security measures as we progress in a highly digital world.

Preparing for Better Cybersecurity Education

There are currently 3.5 million unfulfilled cybersecurity jobs in the world and an estimated 2 million of them in the Asia-Pacific region. America needs to invest in better education on cybersecurity and training methodologies besides traditional methods to keep up with China, North Korea and Russia.

Back in the early 1990s, North Korea was already thinking about preparing for a connected world, and some computer scientists proposed graduating 10,000 student hackers by the year 2015. Students as young as 11 years of age are funneled into special schools.

These countries have become more and more technologically advanced. As America becomes more digitally connected and reliant on technology, there will be an increased cyber-attack surface to worry about.

In a recent article by Bank Info Security, Megan Stifel, executive director of the Americas for the Global Cyber Alliance said “I would have liked to have heard specific reference to enhancing the security of these new technologies including by adding training for the cybersecurity jobs needed for these advancements to be sustainable. Including such references sends a signal not only to U.S. industry that cybersecurity is an administration priority, but also internationally, to potential customers and partners who also need to be more deliberate about their own cybersecurity.” Although some of the funds provided in the plan can be applied to cybersecurity, a more direct allocation of funds is necessary to not only show the importance of securing your organization but would provide the resources to do so.

Preparing for More Technological Integration

As we are innovating at rapid speed, more risks and threats are going to arise. For example, as broadband becomes more widely available, the internet attack surface will expand as well. As more rural areas gain access to broadband, there needs to be an increase in security measures that will protect this extended surface. Additionally, the recent introduction of 5G has been a new avenue in which hackers can infiltrate systems. An article by the Financial Times states that, “More than a quarter of attacks exploit cars’ cloud servers or mobile apps. A quarter of the attacks have resulted in theft and about the same proportion has enabled control of car systems, according to Upstream’s data.” Due to this threat, many companies have begun cybersecurity considerations in the very beginning of their design. Evidently, cybersecurity cannot be put on the back burner any longer.

A direct, specific cybersecurity budget is needed as it directly relates to the safety and well-being of our citizens. Cybersecurity efforts are part of enhancing infrastructure and rebuilding America. The risks are immense if we don’t take action, that’s why improving cybersecurity efforts needs to be a partnership between the public and private sectors. Having support from the government can empower organizations in the energy sector, telecommunications sector and other industries to improve their cyber posture.

At Axio, we’re part of this mission towards a more secure reality. If you’re unsure of where to begin when it comes to assessing and improving your cyber posture, try out AxioLite. You’ll have access to 4 free assessments to help you establish a baseline for your cyber program and plan for improvement.

Try the Free Tool