The Covid-19 pandemic made having access to reliable and speedy internet a necessity, as more people than ever used it to access their education, jobs, and medical services. As a result, Congress ensured that funding broadband infrastructure projects would be a key piece in the 2021 American Rescue Plan Act (ARPA). 

Just having speedy and reliable internet access isn’t enough though; the service also needs to be secure. Cyberattacks threaten pipelines, hospitals, and all sorts of critical services. That’s why Congress, on top of ensuring that funding would be provided for expanding broadband, has provided funding for securing it.  

Specifically, ARPA allows recipients of the funds to upgrade and modernize the cybersecurity of already present broadband networks as well as provide funding for new networks. This includes any hardware, software, or related cyber infrastructure necessary to ensure a safe and secure connection.  

Furthermore, recipients of these funds can also use them to specifically upgrade the cybersecurity of critical water and sewer systems. Already, public water suppliers have faced cyber intrusions that could have led to the mass poisoning of public drinking water, underlining the seriousness of this issue. 

Cyberattacks by both malicious hackers looking for a payday as well as state-actors aiming to sow chaos and disrupt US governmental services have become exceptionally prominent in the last few years. As such, utilizing ARPA funding to implement, upgrade, and strengthen critical infrastructure from cyberattacks should be a key goal of state and local authorities. 

One thing to keep in mind, though, is that the Treasury Department has specifically warned recipients to be mindful of any current legislation dealing with the procurement and implementation of the equipment and sources for any cyber security projects. Specifically, recipients must be aware of and comply with legislation such as the 2019 National Defense Authorization Act (NDAA), which bars the purchase of equipment or related systems from certain entities within or affiliated with the Republic of China (think Huawei). And although possible exceptions can be made with an approved waiver, recipients are better off avoiding the issue altogether.