The US government will award $1 billion in grants to help state, local, and territorial (SLT) governments address cybersecurity risks, strengthen the cybersecurity of their critical infrastructure, and ensure cyber resilience against persistent cyber threats.
“Applicants have 60 days to apply for a grant, which can be used to fund new or existing cybersecurity programs,” the US Department of Homeland Security pointed out in the announcement.
About the grant program
SLT governments face many challenges when it comes to defending against cyber threats (and especially ransomware attacks), but one of the main ones is the lack of resources.
According to the Cybersecurity and Infrastructure Security Agency (CISA), the funds can be used for developing and implementing a fitting cybersecurity plan, purchasing equipment and software, and hiring personnel, but cannot be used for construction of physical facilities, paying a ransom to cyberattackers, or buying cybersecurity insurance.
The grantees don’t have to adopt a specific cybersecurity framework, but their plan must include how they aim to implement the following seven cybersecurity best practices:
- Multi-factor authentication;
- Enhanced logging;
- Data encryption for data at rest and in transit;
- End use of unsupported/end of life software and hardware that are accessible from the Internet;
- Prohibit use of known/fixed/default passwords and credentials;
- The ability to reconstitute systems (backups); and
- Migration to the .gov internet domain.
“The grant program requires that states match federal funding (starting at 10% in year one and growing to 40% in year four). However, that match can be waived if an eligible entity demonstrates economic hardship,” noted Jason Crist, a District Manager at Palo Alto Networks.
“More importantly, the matching requirement is substantially reduced and waived altogether in year one for multi-entity projects. This feature results in compounding savings over the life of the program. This deliberate incentive for multi-entity applications is designed to promote innovative solutions, such as joint security operations centers (SOCs), that will help promote a more robust cyber ecosystem, in the end.”
DHS will implement the grant program through CISA and the Federal Emergency Management Agency (FEMA).
CISA will be the cybersecurity subject-matter expert, and will provide various resources, including state cybersecurity coordinators and cybersecurity advisors.
“FEMA will provide grant administration and oversight for appropriated funds, including award and allocation of funds to eligible entities, financial management and oversight of funds execution,” the DHS explained.
The first $185 million in grants will be awarded in the current (2022) fiscal year, and state, local, and territorial governments are urged to do so quickly, as the applications must be delivered by November 15, 2022. “A separate tribal grant program will be released later in the fall,” the DHS added.
Putting funding in the hands those who need it
Federal, state and local governments around the world are often targeted by state-sponsored hackers and cybercriminals. Ransomware, BEC scams, data theft and cyber espionale are the most prominent risks they are facing.
“Securing the Nation’s cyber ecosystem requires a whole-of-society approach, and that includes the crucial work that state, local, and territorial governments do in partnership with the Federal government every day. This program, made possible by the Bipartisan Infrastructure Law, demonstrates the Biden-Harris Administration’s commitment to ensuring that all Americans can thrive in cyberspace,” said National Cyber Director Chris Inglis.