Here’s the latest on the Cybersecurity Grant program as we enter year two. According to CISA, 54 of 56 entities eligible for the year one cybersecurity grant have applied, with ten providing their cybersecurity plans. The State and Local Cybersecurity Grant Program was created in 2021, thanks to the Infrastructure Investment and Jobs Act (IIJA). The IIJA allocated $1 billion over four years to be awarded to state and local governments.[1] The federal government has announced that its second round of SLCGP grants will total $400 million, with $300 million in 2024 and $100 million in 2025, the program’s final year. Here’s a complete overview of two years of federal funding for state and local governments.
According to GovTech, “The grant program requires states to both create a cybersecurity planning committee comprising a diverse array of stakeholders and a statewide cybersecurity plan to guide how the funds are spent. States that had created their committees could apply, but the money would be under an administrative hold until they’d also provided their cybersecurity plans, Trent Frazier of CISA said.”
The program was created to help government agencies protect their critical infrastructure from cyberattacks and other digital threats. The grants are intended to help governments:
- Develop strategies to protect their critical infrastructure from cyberattacks and other digital threats.
- Strengthen their ability to prevent, detect, and respond to cyberattacks.
- Establish partnerships with private sector entities that can help share information about potential cyber threats.
- Build relationships with other SLT governments so they can share resources and best practices.
A complete overview of the grant program can be found in this exclusive interview with Doug Robinson, Executive Director of NASCIO.
The amount of funding available to each state will vary based on factors like the number of agencies in that state and the population of those agencies. The total amount awarded for each grant will be $2.19 million per state, with additional amounts available “based on a combination of the total population and rural population” in the jurisdictions.
To receive funds, organizations must submit a Cybersecurity Plan, including capabilities assessments and individual projects approved by the Cybersecurity Planning Committee, due September 2023[2]. Complete information on filing plans can be found here.
The GAO will also review SLCGP, with a report expected in late 2023 or early 2024. The information will be a comprehensive assessment of cybersecurity grants given out by CISA to state and local entities. It will assess how much money was awarded, who was awarded, and how it was used. It will also look at how well CISA has performed in streamlining its application process for these grants. Finally, it will assess whether there have been any issues with fraud or waste since CISA began awarding these grants.
Local governments should be at the forefront of cybersecurity and must adapt their strategies to match the changing threat landscape. As the federal government continues to support state and local governments in improving cybersecurity, it’s time for SLT officials to look closer at their communities’ needs. In addition, they need to consider what resources they have available and how best to use them.
[1] https://www.cisa.gov/cybergrants
[2] https://www.cisa.gov/cybergrants