INVEST in America Act: Billion-Dollar Funding for Cybersecurity

The INVEST in America Act provides nearly two billion dollars in funding to enhance the nation's cybersecurity. Who should care? State, local, and tribal governments. $1 billion in funding over...
Nathan Coppinger
3 min read
Last updated October 11, 2022

The INVEST in America Act provides nearly two billion dollars in funding to enhance the nation's cybersecurity.

Who should care?

  • State, local, and tribal governments.
    • $1 billion in funding over four years to address cybersecurity risks
  • Federal agencies.
    • $21 million to fund the office of the new National Cyber Director
    • $20 million annually to fund the Cyber Response & Recovery Fund through 2028
  • Power, water, and infrastructure companies.
    • $600 million in funding for smart grid cybersecurity R&D
    • $375 million in funding for more secure water systems

The continuing onslaught of devastating data breaches has put pressure on the United States Government and the Biden administration to rapidly upgrade the nation's critical infrastructure defenses.

Over the last year, multiple federal agencies and governmental bodies have released statements, guidance, and recommendations outlining how organizations in both the public and private sectors should improve and modernize their cybersecurity infrastructure and defenses to protect against ransomware.

Get the Free Essential Guide to US Data Protection Compliance and Regulations

What is the INVEST in America Act?

The "Investing in a New Vision for the Environment and Surface Transportation in America Act" or "INVEST in America Act" is a passed spending bill that invests billions in funding over the next five years towards securing and modernizing State, Local, and Tribal governments, and U.S. infrastructure such as mass transit (Amtrak and DOT), water, power, green technologies, and other similar projects.

With high-profile ransomware attacks proving that core aspects of America's infrastructure can be brought to a screeching halt with a single attack, portions of this bill set out to ensure that organizations responsible for core infrastructure are well prepared to prevent similar incidents from happening again.

To achieve this, this bill includes nearly two billion dollars of funding earmarked for helping organizations improve their cybersecurity posture and harden their defenses.

Along with direct funding, INVEST in America makes cybersecurity efforts such as the employment of forensic consultants, cybersecurity experts, and third-party pen testers eligible expenses under the Mobility Through Advanced Technologies (MTAT) program. (source)

Cybersecurity funds for State, Local, Municipal, and Tribal governments

This bill establishes a National Cyber Resilience Assistance fund and allocates around a billion dollars in funding to modernize and harden the nation's cybersecurity ecosystem from 2022 to 2026.

These resources are meant to help non-federal governmental bodies detect, respond to, investigate, and recover from ransomware and other cyberthreats.

Previously congress passed the Cyber Response and Recovery Act that enables the Secretary of Homeland Security through CISA and the National Cyber Director to declare a "significant cyber incident" across ALL Federal, State, Local, and Tribal systems.

Through the INVEST in America act, this fund will have millions in funding replenished annually to help prepare for and respond to major cyber incidents.

Guidance: To apply for these funds, local agencies and organizations should reach contact your State Administrative Agency (SAA) to learn more about your state’s application process and the next steps to take to receive funding.

Additional resources:

INVEST in the nation's cybersecurity

The INVEST in America act requires organizations receiving funding to follow frameworks created by the National Institute of Standards and Technology (NIST).  Compliance with NIST's frameworks requires organizations to implement strict and robust cybersecurity solutions to reduce risk to their critical data and safeguard individual privacy.

Within two years of receiving funding, administrators must develop a tool to identify, detect, protect against, respond to, and recover from cyber incidents. Organizations will also be required to designate a Cyber Coordinator and establish a structured cybersecurity assessment and development program.

Federal funds received under the INVEST in America Act cannot be used to pay ransoms, so it is essential for organizations to utilize these resources effectively and invest in a holistic cyber security platform to quickly detect cyberthreats and mitigate any potential damage.

INVEST in America's cybersecurity with Varonis

Varonis' Data Security Platform can help organizations achieve least privilege and Zero Trust, ensuring that only those that require access to data have it.

With Varonis, you can identify and reduce risk to your sensitive and regulated data and secure your data, apps, and infrastructure against cyberthreats like ransomware.

Varonis can remediate excessive access to data at scale, reducing the blast radius of a potential attack and using automation to get to Zero Trust without years-long projects and manual work.

Our industry-leading UEBA alerting can catch suspicious activity before threats take hold.

Varonis logs a full audit trail of events across Active Directory and core data stores, making it easy to investigate cybersecurity incidents or meet strict compliance requirements.

Try Varonis

Schedule a personalized demo to learn how Varonis can help you secure your most valuable data.

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

network-flow-monitoring-explained:-netflow-vs-sflow-vs-ipfix
Network Flow Monitoring Explained: NetFlow vs sFlow vs IPFIX
Modern networking equipment is capable of processing billions of packets every second, but most of that work happens behind the scenes. Network Flow Monitoring, also known as packet sampling, aims…
do-executives-and-cybersecurity-pros-agree-on-today’s-biggest-cyber-threats?
Do Executives and Cybersecurity Pros Agree on Today’s Biggest Cyber Threats?
Breaches cost companies billions, erode trust and can have a long-lasting negative impact on a company’s brand. With so much as stake, we wondered: are C-Suite executives aligned with their...
2019-data-risk-report-stats-and-tips-you-won’t-want-to-miss
2019 Data Risk Report Stats and Tips You Won’t Want to Miss
Our data risk report analyzed over 54 billion files across 30+ industries for the latest insights, stats and tips to improve your data security practices
salesforce-security-guide:-best-practices
Salesforce Security Guide: Best Practices
Data breaches exposed 36 billion records in the first half of 2020. This number continues to increase as more businesses go online, with more knowledge workers working remotely in 2021….