With a series of high-profile ransomware attacks fresh in their minds, Senate negotiators wove cybersecurity investments throughout the bipartisan $1 trillion infrastructure proposal, which passed the Senate in a 69-to-30 vote on Tuesday and now moves to the House for a vote. The allocations are a reflection of the growing realization in Congress that a computer attack could leave Americans without water, power, or other essentials.

The Colonial Pipeline ransomware attack in May was a wake-up call that gave lawmakers and the public “a taste of what is potentially in store,” King said. The attack disrupted fuel supplies in the eastern United States, prompting gasoline shortages and panicked buying that affected millions for days.

The Colonial hack was just one in a series of attacks on lawmakers’ minds. King said he is particularly wary of attacks on the more than 100,000 public water systems in the United States, especially after a hacker in February took control of a water treatment facility in Oldsmar, Fla. The intruder raised the levels of sodium hydroxide to a hazardous point that could have sickened residents. An operator noticed the rising levels and was able to quickly intervene, but the incident highlighted the broader weaknesses at the facilities responsible for ensuring Americans have clean drinking water.

To King, one of the Senate negotiators, these incidents underlined that cybersecurity has to be a part of any work the government does on infrastructure, from broadband to power grids.

The bill directs the Federal Highway Administration to create a new tool to help transportation authorities better detect and respond to cyberattacks, which could range from ransomware attacks on transportation departments or hacks of traffic lights and road signs. It makes emergency funding available to respond to digital attacks on public water systems and makes grants available that can be used to help some water systems increase their ability to deal with cyberattacks as well as natural hazards and extreme weather.

It also calls on the Federal Energy Regulatory Commission to develop incentives to ensure that electric utilities are investing in cybersecurity and sharing data about potential threats.

The bill also authorizes nearly $2 billion in spending for specific cybersecurity initiatives, such as the creation of a $1 billion grant program to provide federal cybersecurity assistance to state and local governments, which experts say are among the most vulnerable institutions to ransomware attacks. The bill also would fund a new cyber director office, so that the federal government can better coordinate its response to major hacks, and would create a $100 million response and recovery fund, which the Department of Homeland Security could use to support both private companies and governments’ recoveries from cyberattacks.

The infusion of funding follows years of warnings from across the federal government of the vulnerability of critical infrastructure to cyberattacks. A year ago, the National Security Agency and the Cybersecurity and Infrastructure Security Agency warned that critical infrastructure systems, including energy, transportation, and water systems, make “attractive targets for foreign powers attempting to do harm to US interests or retaliate for perceived US aggression.”

Yet least one House lawmaker has raised concerns that the measures in the Senate infrastructure package don’t go far enough. He thinks that there should be tougher cybersecurity requirements for entities that take infrastructure funding.

“The cybersecurity funding in the Senate infrastructure bill is a good start, but we’ve got a long ways to go in our battle to secure our nation against the full range of cyberthreats we face,” said Representative Jim Langevin, a Rhode Island Democrat and co-chair of the Congressional Cybersecurity Caucus. “I’d like to see broad requirements that all technology procured using these federal funds meet minimum security requirements and that money be set aside for security monitoring after it’s installed. Connected infrastructure is going to help the economy and our environment, but only if we can secure it.”

Public works officials welcomed the cybersecurity provisions of the Senate bill, noting they often struggle to balance defending their systems against cyberattacks with the daily demands of keeping Americans’ lights on and faucets flowing.

“Public works makes normal happen, and cybersecurity is woven into that in every different respect,” said Mark Ray, the director of public works and city engineer for Crystal, Minn., who also represents the American Public Works Association on the National Homeland Security Consortium, which convenes public and company officials to discuss emergency responses.

Ray said his 26-person public works staff doesn’t have the time or expertise to dig into every potential cyber risk, and they look to outside experts and the federal government for direction. “The more that we understand that, the more that we understand the connection and work to improve and secure everything, it will just benefit everybody across the board,” he said.