Inglis says infrastructure outlays should focus on 'cyber smart' investments

National Cyber Director Chris Inglis said his office is focused on collaborating across the federal government and private sector to ensure the entirety of the $1.2 trillion Infrastructure Investment and Jobs Act is spent on "cyber smart" investments that bolster resilience and protections for America's digital and physical infrastructure. 

Inglis described "cyber smart" investments as a transformative approach to federal investments which prioritizes cybersecurity standards and recent White House guidance around zero trust—even when those investments are going towards physical infrastructure, like roads and bridges. 

"There is some money set aside for cyber" in the infrastructure law, Inglis acknowledged at the Information Technology Industry Council (ITI) cyber summit on Monday, "but every one of those dollars needs to be 'cyber smart,' because all that infrastructure is going to depend on digital infrastructure in ways that in the past it never did."

The legislation Congress passed last year makes major investments in transportation and physical infrastructure, as well as efforts to bolster supply chain security and make infrastructure more resilient against cyberattacks and climate change. 

"This is a capital expenditure exercise, not an operational exercise," Inglis said, noting how physical entities like transportation systems are "massively dependent upon digital infrastructure" and increasingly rely on strong cyber protections to prevent disruptions in service for the public. 

Inglis and other cyber leaders have increasingly called for federal investments to include cyber resilience initiatives: In a joint op-ed published last week in CyberScoop, the national cyber director and Cybersecurity and Infrastructure Security Agency Director Jen Easterly called on government, the private sector and the public to "double down on our investments in the resilience of our systems."