To say that areas of agreement are few and far between in today’s political climate would be an understatement. Some exist, however—most notably on the need to recapitalize our country’s infrastructure. As a result, a big spending push, replete with tax credits and federal money allocations, could be on its way. Any such legislation can and must include appreciable digital infrastructure investments to expand and secure our economy’s information technology backbone.
In the 19th century, we dug canals, built railroads, and wired the country with telegraph and electrical lines. In the 20th century, we built airports, an interstate highway system, and the foundations of the Internet. The coming century will be built on data, automation, and robotics. Any forthcoming investment in infrastructure will hopefully reflect that reality. Assuming it does, there is a glaring opportunity to invest in the security of that infrastructure at the same time. In an increasingly hostile cyber threat landscape, the United States ought to capitalize on that opportunity if it is to maintain its standing and economic advantage in the next several decades. The specific ways to achieve this goal are myriad, but here are just a few concrete ways government can facilitate appropriate investment in the security of our infrastructure.
First, firms that build and operate our infrastructure should be given tax incentives to invest in their own cybersecurity. Utility companies that maintain electrical distribution networks or manufacturers that rely on automated processes to synthesize chemicals are the critical nodes of our economy, and their failure could have terrible consequences. Unfortunately, at present, there is not nearly enough resiliency built into such systems, and they have never been as vulnerable to potentially debilitating cyberattacks. As a result, these companies’ obligations extend beyond their shareholders and their customers: There are national security interests in their normal operation. Expanded tax breaks and tax credits for investing in security upgrades, employee training, and vulnerability management should be made available to firms in the critical infrastructure space.
Second, policymakers should tie funding to security-related stipulations. It is likely that states, municipalities, and firms will use any potential federal money to capitalize on recent advancements in IoT technology. A county seeking to upgrade a bridge in Arkansas, for instance, might take the opportunity to incorporate Internet-enabled sensors and traffic cameras into the design. Any disbursement of federal funds should be tied to requirements that appropriate security measures be taken when such devices are linked to a state’s or municipality’s network.
Lastly, we ought to invest in the infrastructure itself. The copper wires, optical fibers, power networks, and other hardware that underpin and give life to the information economy—and to our means of production and way of life—are perhaps our most obvious vulnerability. Bringing down part of the electrical grid, the old switches that organize our railroads, or the ISP that provides telecommunications services to the New York Stock Exchange could bring our economy to a grinding halt. Investments should be made to build redundancies into the country’s network infrastructure, to mitigate vulnerabilities in our electrical grid, and to enhance physical security at crucial facilities.
To neglect security upgrades to our digital infrastructure is nearsighted and ignores the changing global threat landscape. When advocating for the Interstate Highway System in the 1950s, President Eisenhower undoubtedly recognized the importance of mobility in a potential conflict with the Soviet Union. Reinvesting in our roads is crucial, of course, but ensuring that air traffic control networks and electrical distribution systems are buttressed against cyberattacks from China, Russia, or Iran better reflects 21st century concerns.
Information technology will only grow in importance as it becomes even more interwoven with the processes and systems that keep the country functioning. Energy generation and transmission, transportation networks, telecommunications, and water and food distribution all rely on computers and networks to operate. We would never build a bridge that fails to meet safety standards, so why would we invest in electrical grid upgrades without guaranteeing that cybersecurity standards are met too? With so much agreement on the need for upgrading our infrastructure to meet the challenges of the 21st century, if policymakers squander this opportunity to secure our infrastructure, the opportunity may not present itself again.