CISA Points to Water Sector in Seeking $80 Million More for FEMA Grants

As the Cybersecurity and Infrastructure Security Agency prepares to disburse $1 billion in funding through the Federal Emergency Management Agency to improve the cybersecurity of critical infrastructure around the country, director Jen Easterly drew lawmakers’ attention to the needs of the water sector in asking for the program to receive an additional $80 million.

“We have that $1 billion grant program for state and local and we're looking to release the notice of funding opportunity for that for the first $200 million,” Easterly told the House Appropriations Committee Thursday. “So I see this 80 million program effectively as a complement to that, to go after those target rich resource poor critical infrastructure providers.”

Testifying before the committee about the administration’s Fiscal Year 2023 budget request for the agency, Easterly stressed the importance of the grants and highlighted the water sector as being in particular need of federal assistance. 

“I would draw your attention in particular to water,” she said, noting an eyebrow-raising cyberattack in Oldsmar, Florida at the start of last year. “Water entities that, frankly, are very target rich—as we saw with Oldsmar in February of 2021—but resource poor, and so being able to provide grant money to help them raise their cybersecurity baseline, I think, is really important.”

The budget proposal seeks a total of $2.5 Billion for CISA, which Easterly notes is 18% more than was requested for the previous year. There was also an 11% increase suggested for non-defense agencies to spend on cybersecurity across the federal government. 

The one billion in FEMA grants Easterly referred to was funded through the American Rescue Plan Act which also boosted the Technology Modernization Fund by $1 billion. 

CISA is requesting $71 Million to continue working with the private sector through the Joint Cyber Defense Collaborative, which the agency just expanded to include representation from sectors relying on industrial control systems. 

Industrial control systems used in facilities like water treatment plants and gas pipelines can be particularly troublesome to secure and federal agencies have recently warned about malware constructed to target such infrastructure at scale. 

CISA is requesting $39 million for its CyberSentry program which allows the agency to place sensors in the environments of participating entities and may be tapped for a series of sprints the White House is conducting to track and mitigate threats to the industrial control systems of critical infrastructure.