Infrastructure bill includes funding for ransomware rising threat to state and local governments – Bill in Brief

The ransomware threat to state and local governments is growing. Parts of the USD 1trn Infrastructure Investment and Jobs Act (IIJA) take aim at protecting state and local governments from cyberattacks.


If authorized, approximately USD 1.9bn is being allocated to secure critical infrastructure sectors against burgeoning cyber threats.




Ransomware is a type of malicious software (also known as malware) that threatens to publish or blocks access to data or a computer system, typically via encryption, unless a ransom is paid. That ransom is usually paid with cryptocurrency that it makes it difficult to track. In many cases, the ransom demand comes with a deadline. If the victim doesn’t pay in time, the data is gone forever or the ransom increases.


One of the major problems when a ransomware attack occurs is underreporting. There is legislation that was introduced in the US Senate last month that would require critical infrastructure owners to report cyber attacks.


State and local governments can be crippled by a ransomware attack, and it poses a significant and growing credit risk. Municipal investors should review continuing disclosure filings to determine how cybersecurity is being prioritized.


In Process

On 10 August, the US Senate passed on a bipartisan basis the USD 1trn IIJA, also referred to as H.R. 3684. The IIJA focuses on “hard infrastructure.” The IIJA will not get a vote in the House of Representatives until the fate of the USD 3.5trn “soft infrastructure” legislation proposed by congressional Democrats is resolved.


As these negotiations continue, Debtwire Municipals, through our Bill in Brief series, will write periodic summaries on elements of the IIJA that directly affect state and local governments.


by Paul Greaves