April 20, 2022
Taking novel approaches to partnership, avoiding broadband 'overbuilding' and setting baselines against which progress can be measured will tell the story, the experts say.
Good afternoon! It's been more than five months since President Biden signed the Infrastructure Investment and Jobs Act into law, so we asked the experts to look at how the rollout was looking and the best ways to measure its efficacy. Want more on the infrastructure bill? Protocol's Issie Lapowsky hosted a panel today about what to expect next.
Senior Vice President at Booz Allen Hamilton
In 1954, the Eisenhower Administration referred to the $175M down payment on the National Highway System as a “good start.” Two years later, Congress authorized $27B to launch nationwide efforts to construct one of America’s greatest achievements. In November 2021, President Biden signed the $1.2T infrastructure bill, the first significant down payment of modernizing a now aging infrastructure with 21st century technologies. A good start.
But how will we know it’s working – and creating bipartisan support to finish the job – as the National Highway System did? It’s important to examine three long-term indicators that will foreshadow the degree to which we transform our infrastructure.
First, will states emerge as laboratories of innovation or just “spend the money”? In areas like alternative energy and electric vehicle adoption, we already see promising signs of states taking novel approaches and forming intriguing partnerships to spur innovation.
Second, will private industry invest heavily now or wait on the sidelines? When the Affordable Care Act was passed, for example, Congress appropriated $10B for innovative health pilots. But the market signal it sent generated a wave of large-scale industry investment, triggered market shifts, and stimulated innovation. Will a similar pattern emerge with infrastructure?
Third, will technology adoption accelerate or stagnate? In the automotive industry alone, EVs, AVs, and even UAVs could disrupt business and regulatory models – and produce unpredictable advancements and consequences. The adoption curve’s shape over the next five to eight years will tell us much about the success of this down payment.
Nicol Turner Lee
Senior Fellow and Director of the Center for Technology Innovation at The Brookings Institution
The Infrastructure Investment and Jobs Act (IIJA) is primed to place a large down payment on the equitable deployment and adoption of affordable, high-speed broadband. If implemented, it will guarantee that no child nor community in America will be left offline ever again. But to determine its success, two factors should stay top of mind: the details of new broadband network deployments, and the percentage of Americans fully benefitting. The former may appear easy but may require some flexibility in how new networks are accounted for, including an approach that incorporates opportunities for novel technologies like 5G fixed wireless, as well as enhancements to existing network infrastructure. The latter will require metrics from states and other local stakeholders that provide data on local technology adoption and use. These should be made public to enable research and accountability from interested parties. Right now, many public and private sector leaders are focused on getting the monies allocated in accordance with legislative goals and timelines, but success will not come in the sole review of balance sheets. Rather, how human capital will be enhanced by these opportunities also matters and may take longer to determine. That is why ensuring that NTIA’s Office of Internet Connectivity and Growth must expediently provide the nation with public landscape analyses on both broadband deployment and digital equity progress. Without knowledge of where the U.S. is starting on these key issues, it will be impossible to determine whether IIJA has succeeded or failed.
President at the Information Technology and Innovation Foundation
The clearest indicator of success for the infrastructure bill will be a lot more infrastructure built in a cost-efficient and timely manner. However, the “as intended” question complicates things, as many progressive members of Congress did not intend for the bill to expand Infrastructure. For example, there is a risk that anti-road progressives will limit funding for expanding road and bridge capacity and instead focus on repair.
In the case of IT-related infrastructure, the metrics of success should be clear. For broadband, this means bringing up the percentage of households served by at least one fixed provider to around 98 percent. Trying for 100 percent would waste money. The last few percent are better served by low-earth-orbit satellite broadband.
The way to achieve this goal is to limit broadband “overbuilding”: funding new networks in places with adequate broadband. And adequate broadband should be defined reasonably: no more than 100mbs down and 10 up.
Success also means widespread deployment of 5G networks to most places people live and regularly travel (e.g., along the Interstates).
If there is any money left over after building networks in unserved places, it should be spent helping low-income households adopt broadband and gain digital skills.
Finally, achieving these goals will be much harder if the administration insists on applying Buy America provisions on the IT components of infrastructure builds. ITIF estimates that this would raise IT costs by approximately 25 percent. By definition, this means less infrastructure being built.
CEO and Co-founder at Illumio
From a cybersecurity standpoint, all eyes are on how organizations will respond to President Biden’s Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). The bill is significant in that it requires multiple sectors to “report material cybersecurity incidents and ransomware payments within 72 and 24 hours, respectively” to CISA.
If the bill works as intended, we can first expect to see more organizations across industries (from FinServ to agriculture) disclose cybersecurity incidents to CISA in a timely manner. This will lead to increased information sharing between public and private sectors, which will help us better understand imminent cyber threats.
This knowledge is key to helping organizations strengthen their defenses against cyber criminals and safeguard critical infrastructure.
If security decision makers take this bill seriously, we should also see more federal agencies and organizations taking proactive steps to bolster cyber resilience by shoring up their mission-critical assets: backing up data, practicing incident response plans, and segmenting networks.
The federal government’s continued emphasis on cyber as a national imperative is a step in the right direction. Although it may take time for us to reach national resilience, it’s important to remember that decisive action is a win and any action beats entropy. Our attackers never stop, and it’s our mandate to push forward during this critical time.
Global General Manager, IOT Cities & Transportation Solutions at Intel
The IIJA is a “once-in-a generation” bipartisan law that will provide hundreds of billions of dollars to upgrade and modernize U.S. transportation systems and physical infrastructure as well as expand broadband internet access and digital infrastructure. It is also an opportunity to rethink how these upgrades are approached and the value digital technologies can bring to transform our infrastructure, making it more resilient, innovative, and efficient and providing more value to our communities, municipalities, and states.
The digital revolution is already here – transforming the way we live, work, and communicate. Smart infrastructure is a key part of this revolution. In today’s knowledge-based society, we must think about infrastructure differently. It’s not just concrete and steel, it’s also the digital components that can help make our roads, skies, waterways, and airways safer, cleaner, and more efficient. In effect, physical and digital infrastructure go hand in hand – one cannot exist without the other.A clear indicator of the success of the IIJA act is whether communities choose to augment physical infrastructure upgrades with digital technologies to “future-proof” their investments. At Intel, we fully support the U.S. government’s vision to enable growth and prosperity for American people through IIJA funding. We recognize that while overarching goals are the same, different states and localities have different needs. That is why we are committed to improving the lives of citizens everywhere through technology advancements.
Area Vice President, U.S. Public Sector, State, Local Government and Education Markets (SLED) at Cisco
Regarding the IIJA’s broadband provisions, success depends on federal agencies, state and local governments, community leaders, and private companies coordinating effectively so that all Americans have access to the connectivity necessary to succeed in a digital economy. Capturing the full picture of the digital divide in the United States is crucial, and accurate FCC-led mapping of unserved and underserved areas is central to making sure funding is going to struggling communities. As the true conveners of broadband infrastructure, state and local governments must navigate the needs of the community with available funding and solutions to achieve meaningful impact. These federal funds should also seed investments of private capital from ISPs and equity firms to make sure that there is a long-term solution increasing broadband access.
The IIJA aims to use unprecedented infrastructure investment to boost domestic manufacturing and provide quality jobs for American workers. In the case of high-tech broadband equipment, onshoring of manufacturing will be a multi-year process impacted by numerous factors affecting global supply chains. A clear indicator of success will be whether urgently needed broadband investment is allowed to proceed in parallel with the shift to increased domestic manufacturing.
Finally, we must move beyond the “same old solutions to the same old problems.” Beyond broadband, a strong indication of success will be strategic investments in operational technologies that support and secure our nation’s roadways, water systems, subways, pipelines, and utilities. Investments that include technology can lead to more sustainable, affordable, and secure solutions for years to come.
Senior Vice President of Americas & Public Sector at Splunk
When it comes to our nation’s security, there are several provisions focused on tying physical infrastructure to its corresponding vulnerabilities. These sections of the bill showcase that cybersecurity is more important than ever and the ultimate indicator of the bill’s success is our investment in it. First, we must ask ourselves if we are funding for true success. Are we able to secure the tools, talent, and frameworks that allow for agility and innovation? Are we bringing the right talent together through expanding jobs and increased public/private partnerships to disseminate information and best practices?
We must use measurable data to ensure the provisions in the infrastructure bill are creating a lasting impact. For example, we must see the adoption of more automated solutions, like SOAR and SIEM, specifically for securing critical infrastructure; the growth of public/private partnerships across essential sectors of infrastructure at the state and local levels; and the implementation of zero-trust & DevSecOps operational capabilities. Providing agencies with the proper amount of funding - down to the state and local level - to implement these strategies and tools is vital in meeting the bill’s goals. However, without measuring the investment in these areas, we won’t truly be able to assess if the infrastructure bill is working for increasing our cybersecurity posture and resilience.
Senior Vice President and Acting General Manager of Operations and Security Services at the Center for Internet Security
In cybersecurity, it is often not what you see but what you don’t see, or hear about, that offers the best indicator of success. The bipartisan Infrastructure Investment and Jobs Act invests almost $2 billion over the next four years to help defend our nation against cyberattacks intent on disrupting and endangering our hospitals, schools, water systems, energy sources, and other critical infrastructure. Much of that investment is focused on state and local governments down to rural areas, where the cyber risk has proven significant while resources to defend against it are limited.
The first indication of success may well be that we, as a nation, have recognized the enormous need of state and local governments. Until now, the U.S. government has primarily funded cybersecurity efforts to protect federal networks and systems with few exceptions – so the acknowledgement that the cybersecurity deficit within state and local government is a national security issue is a major step in the right direction.
At the Multi-State Information Sharing and Analysis Center (MS-ISAC), we assess the cybersecurity maturity of state and local governments through the Nationwide Cybersecurity Review (NCSR). Our assessment focuses on cyber maturity in key areas ranging from implementing technical security controls to user awareness training. A key indicator of success for this grant program will be year-over-year increases to the maturity assessments of organizations participating in the NCSR.
Cybersecurity is a race without a finish line. We know it is impossible to defend against every conceivable threat and our goal is not to achieve perfect protection. Using these funds, we encourage state and local governments to drive decision making through risk management, ensure the involvement of executive leadership and governing bodies, and collaborate with others to make the most effective use of these funds. It may just be what we’re not hearing about—massive data breaches or ransomware incidents among local governments—that proves federal money has been well spent.
Chief Strategy Officer and CISO Advisor at Sectigo
See who's who in the Protocol Braintrust and browse every previous edition by category here (Updated April 21, 2022).
The Infrastructure Investment and Jobs Act has within it language that outlines improvements to cyber resiliency including $2 billion allocated towards state and local cybersecurity as it relates to critical infrastructure. While this is indeed much-needed funding towards cyber resiliency and protection, there must be increased funding considerations for the future. The measures outlined in the bill are a good step forward, however, the intricacies of cybersecurity and infrastructure are complex, and it may be some time before we can determine the benefits of this legislation. We cannot rely on tech if we don’t understand the risks associated with it, especially when it comes to cyber threats to national-security and critical infrastructure which we saw firsthand with SolarWinds.
Importantly, the White House’s plans to bolster cyber education and critical infrastructure resilience should implement identity and cybersecurity solutions that are hand-in-hand with interoperability and openness. Though, ultimately, we need a Zero Trust security approach, which President Biden and his administration have put more of an emphasis on as outlined in their overall cybersecurity strategy. Ensuring that his priorities are intertwined with varying policy initiatives is especially critical and an opportunity for local, state and the federal government to work together and will help determine if the legislation is impactful and is working as intended.
Kevin McAllister ( @k__mcallister) is a Research Editor at Protocol, leading the development of Braintrust. Prior to joining the team, he was a rankings data reporter at The Wall Street Journal, where he oversaw structured data projects for the Journal's strategy team.
More from Braintrust