Connecting state and local government leaders
Nearly $375 million, or double the amount of money as last year, has been allocated to a federal initiative looking to help state and local governments address cybersecurity risks.
More than $374 million in federal cybersecurity grant funding is now available for state, local and tribal governments, a big jump from the $185 million allotted under last year’s funding levels.
The State and Local Cybersecurity Grant Program, now in its second year, will dole out funds to help governments assess and evaluate individual projects being undertaken and adopt key cybersecurity best practices and federal cybersecurity performance goals.
The focus is a change from last year’s program, which asked applicants to develop governance structures and a cybersecurity plan to help respond to incidents and ensure continuity of operations. But as “states and territories should have completed these tasks,” applicants are now being asked to focus on a new set of objectives.
The Department of Homeland Security announced the funding opportunity for fiscal year 2023 on Monday. The four-year, $1 billion initiative was established by the Infrastructure Investment and Jobs Act to help governments at all levels address the cybersecurity risks they face.
Officials said the increased funding shows the Biden administration and Congress’ “commitment to help improve the cybersecurity of communities across the nation” through the program, which is jointly administered by the Cybersecurity and Infrastructure Security Agency and the Federal Emergency Management Agency.
“Building resilience requires more than mitigating against natural hazards,” FEMA Administrator Deanne Criswell said in a statement. “As our threat landscape continues to evolve, the funding provided through the state, local and territorial cybersecurity grant program will increase capability to help communities better prepare and reduce cyber risks.”
Observers have previously said that the cyber grants could help foster greater collaboration between the various levels of government on cybersecurity, and bolster whole-of-state cybersecurity programs.
A CISA fact sheet noted a number of changes for the second year of the grant program. This time around, applicants must focus on objectives around understanding their current cybersecurity posture and areas for improvement based on continuous testing, evaluation and structured assessments; implement security protections commensurate with risk; and ensure their personnel are appropriately trained in cybersecurity in keeping with their responsibilities.
While allocation percentages will remain the same for the 56 states and territories eligible to apply, CISA said only those that have completed their approved statewide plan and established a central cybersecurity planning committee will be able to receive grant funding for this fiscal year.
Those that have not completed those requirements can still apply this time around, CISA said, “but will adhere to different criteria focused on completing FY 2022 requirements of a CISA-approved Cybersecurity Plan, Cybersecurity Planning Committee List, and Charter.”
State governments have until Oct. 6 to apply for this latest round of cybersecurity grants.
NEXT STORY: An underused approach to fighting cyberattacks