Cybersecurity Investment Tax Credits

Cybersecurity Investment Tax Credits
Cybersecurity Investment Tax Credits

Cyberattacks continue to grow worldwide, which has increased awareness and concern about utilities, industries and personal risk. There is a universal understanding that this is a national security threat. In the U.S., I suggest the government consider creating cybersecurity investment tax credits for industry to stimulate more protection.

There have been many incidents that prove cyberattacks can bring down businesses and infrastructure. Most recently, the Colonial Pipeline ransomware attack shut down the largest gasoline pipeline in the U.S., which carries 2.5 million barrels per day of gasoline and other refined fuels. 

This cyberattack had the biggest impact on physical operations of critical infrastructure in U.S. history. Some reports attribute the attack to a criminal group called “DarkSide,” known for ransomware attacks. A recent report by Cyberreason estimates that the group has targeted well over 40 victims, with ransom demands ranging from $200,000 to $2 million USD per incident.

On May 28, 2021, Reuters reported that U.S. energy companies are scrambling to buy more cybersecurity insurance after the attack on Colonial Pipeline disrupted the U.S. fuel supply, but they can expect to pay more as cyber insurers plan to hike rates following a slew of ransomware attacks. Fundamentally these companies are trying to hedge risk rather than mitigate root causes.

Ransomware attack lesson

The lesson from ransomware attacks is clear: national security is at high risk in any country. Cyberattacks, including those targeting automation and control systems, are increasing significantly. My view is the “big game” has not yet started. Winners of classic military battles generally get good reconnaissance and probe at their opponents’ defenses before launching major attacks. Carrying the war analogy further, there are typically campaigns with many battles.

“Even as we speak, there are thousands of attacks on all aspects of the energy sector and the private sector generally. . . . it’s happening all the time,” U.S. Energy Secretary Jennifer Granholm told Jake Tapper on CNN’s “State of the Union” cable show June 7, 2021.

Cybersecurity tax credit

A cybersecurity investment tax credit would work like tax credits for energy conservation that have been around for many years. Energy conservation tax credits had a major goal of achieving energy independence, which was viewed as a national security issue. More recent tax credits include those for installation of alternative energy generation, particularly solar and wind.

A bipartisan group of U.S. House of Representatives members recently introduced legislation to step up cybersecurity literacy and increase awareness among the American public amid the spike in cyberthreats against critical infrastructure. The American Cybersecurity Literacy Act would require the National Telecommunications and Information Administration (NTIA) to establish a cyber literacy campaign to help promote understanding of how to stay safe online and prevent successful cyberattacks.

Action is needed

Cybersecurity tax credits incentivize companies to invest in personnel education and technologies to protect operations and strengthen national security by selecting an appropriate solution for their businesses. As with energy conservation, there are existing standards, product solutions, and guidelines, including ISA/IEC 62443, that need to be applied based on the specific use case. 

In the June 2021 issue of InTech, Eric Cosman provided guidance in his article, “Automation Systems Cybersecurity: From Standards to Practices.” It is interesting that companies can take a tax deduction for insurance premiums that only provide a level of financial protection.

I spent a number of years in the energy conservation area and realized the value of investment tax credits to achieve results and stimulate the development of superior solutions. The time is now for action on this topic.

This article was originally published in InTech's July/August issue.

About The Author

Bill Lydon brings more than 10 years of writing and editing expertise to, plus more than 25 years of experience designing and applying technology in the automation and controls industry. Lydon started his career as a designer of computer-based machine tool controls; in other positions, he applied programmable logic controllers (PLCs) and process control technology. Working at a large company, Lydon served a two-year stint as part of a five-person task group, that designed a new generation building automation system including controllers, networking, and supervisory & control software. He also designed software for chiller and boiler plant optimization. Bill was product manager for a multimillion-dollar controls and automation product line and later cofounder and president of an industrial control software company.

Did you enjoy this great article?

Check out our free e-newsletters to read more great articles..