Businesswoman presenting ideas

Cybersecurity funding in the Infrastructure Investment and Jobs Act

IIJA designates over $2 billion in funding for cybersecurity innovation to help reduce cyber vulnerabilities in public water systems and prevent cyber threats.

In brief

  • Learn how to make substantial cybersecurity improvements at state, city and county levels
  • Explore the monetary breakdown of the IIJA as it relates to cybersecurity

Infrastructure Investment and Jobs Act

On November 5, Congress passed the Infrastructure Investment and Jobs Act (IIJA) legislation that will provide $973 billion over five years from FY22 through FY26, including $550 billion in new investments across transportation, water, power and energy, environmental remediation, public lands, broadband and multiple approaches to improving resilience. The investment provides the opportunity to make substantial improvements at state, city and county levels. Realizing these benefits requires thoughtful strategy and engaged management of funding to prioritize, allocate and monitor.

Cyber investment

IIJA designates over $2 billion in funding for cybersecurity resiliency and innovation. The bill includes funds to reduce cyber vulnerabilities in public water systems and drinking/clean water technology. Additionally, the bill allocates funding to state and local via grant programs for cyber functions to include detecting and recovering from cyber threats and emergencies.

How cybersecurity is allocated in the IIJA

$1.31b for cyber resiliency for state and local government

  • Increase resiliency against cyber attacks on public and private networks at the state and local levels
  • Conduct research related to risk assessments and cyber vulnerability testing

$550m for grid infrastructure resiliency

  • Detect and respond to cyber threats in rural and municipal utility systems
  • Develop advanced cybersecurity applications and technologies for the energy sector

$500m for clean/drinking water resiliency

  • Increase resiliency to cyber threats and hazards in midsize and large drinking water systems
  • Study the state of technologies that could address cybersecurity vulnerabilities
  • Address rising threats to clean water infrastructure from climate change and cyber vulnerabilities

Cybersecurity program planning

Eligible entities applying for a grant under this plan to Department of Homeland Security Cybersecurity and Infrastructure Security Agency will need to submit a cybersecurity plan for review.

Supply chain risk management

Agencies must address supply chain risk to effectively meet their mission.

Operational technology/critical infrastructure

Operational technology (OT) uses hardware, software, personnel and its activities  to drive innovative changes in how organizations leverage technology to gain insights and capture market opportunity.

Ransomware readiness and resilience

Use threat intelligence to create outcomes across multiple processes and organizations so that they are enhanced to protect your organization from ransomware attacks. 


New and existing infrastructure faces increasing cyber and ransomware attacks that threaten public safety. With over $2b of funding dedicated to cybersecurity, water systems, electricity grids and other electrified infrastructure, agencies will need support protecting their systems from bad actors.

About this article