State and local governments encounter almost the same number of cybersecurity incidents as any other industry. In 2020, federal agencies in the United States reported over 30 thousand cybersecurity incidents, an 8% increase from the previous year.
In light of increasing cyber-attacks, the Department of Homeland Security (DHS) has announced a cybersecurity grant program to strengthen cybersecurity controls across state, local, and territorial (SLT) entities in the country. This program is known as the State and Local Cybersecurity Grant Program, and it will provide $1 billion in funding to SLT partners over the span of four years.
In this article, we will discuss what you need to know about this program and how SLT entities can enhance their cybersecurity posture.
What is the Purpose of the State & Local Cybersecurity Grant Program?
The main aim of the State and Local Cybersecurity Grant Program (SLCGP) is to help eligible entities address cyber threats and risks to information systems owned or operated by SLT entities.
The Secretary of Homeland Security said, "Cyberattacks have emerged as one of the most significant threats to our homeland." The purpose of the SLCGP includes strengthening the nation's cybersecurity by helping state and local communities to build and strengthen their cybersecurity controls.
The goals for the SLCGP developed by CISA are given below:
● Implementing cyber governance & planning
● Mitigating prioritized issues
● Assessing & evaluating networks, systems, and capabilities
● Building a cybersecurity team or workforce
Importance of Cybersecurity for State, Local, and Territorial (SLT) Entities
State and local governments face unique challenges in fighting against cyber threats, including ransomware attacks, as they don't have sufficient resources to assess the constantly changing threat landscape. From 2014 to 2019, the U.S. government accounted for almost 5.6% of data breaches and 2.1% of exposed records.
With the increasing threat landscape, it becomes critical to protect federal agencies from cyberattacks. Therefore, state and local entities need to strengthen their cybersecurity posture to protect information systems from theft and damage.
What are the Funding Guidelines for SLCGP?
The State and Local Cybersecurity Grant Program sets out funding guidelines for eligible entities. But before we discuss the funding guidelines, let’s have a look at the application process and the timeline for the SLCGP.
Application Process & Timeline
The application process for the SLCGP is a multi-step process, and the registration process may take four weeks or more to complete. Eligible entities can submit their initial application at www.grants.gov or through the grants.gov portal. The current closing date for applications is November 15, 2022.
Build a Cybersecurity Planning Committee
The first requirement for receiving grant funds is to build a Cybersecurity Planning Committee. This committee leverages previously created advisory bodies formed by the states. States may also expand their Planning Committees to include additional expertise according to their individual state needs.
This committee will be responsible for identifying and prioritizing state-wide efforts. SLCGP also requires the Planning Committee to include at least one representative from each relevant stakeholder group, including the eligible entity, public education within the authority of the eligible entity, public health, and rural, suburban, and high-population authorities.
Create a Cybersecurity Plan
The next requirement is the creation of a Cybersecurity Plan, which will be a statewide planning document. The Cybersecurity Planning Committee and the CIO/CISA equivalent will be responsible for approving this document. It will be updated in FY24 and 25.
Grants to an entity or group carry additional pass-through conditions under SLCGP. The State Administrative Agency (SAA) must pass through 80% of the awarded funds, including 25% of the funds for rural communities, in less than 45 days after receipt of the funds.
Entities that apply as a sole entity are required to meet the 10 percent non-federal cost-share conditions for Fiscal Year 2022 under SLCGP. They must agree to make non-federal funds available to carry out an SLCGP grant in an amount not less than 10 percent of the cost of the project.
1. Who is eligible for this program?
The only eligible applicants for the SLCGP are the SAAs for states and territories. Additionally, two or more entities can apply as a multi-entity group for joint assistance. However, they must submit separate applications.
2. How much funding is available for SLCGP?
Congress has approved $200 million for Fiscal Year 2022, including $185,000,000 for SLCGP, $8,500,000 for DHS to manage the grant, $6,000,000 for TCGP, and $500,000 for the Inspector General of DHS to evaluate the programs.
3. How long is the period of performance?
The period of performance for the grant is 48 months. Extensions may apply in some cases.
4. How will funds be allocated?
The allocation criteria are based on the Bipartisan Infrastructure Law, including base-level funds for each SLT.
5. What is the role of the State Administrative Agency?
The State Administrative Agency (SAA) will be held accountable for managing the grant application. The role of the SAA is to ensure that 80% of federal funds under the SLCGP award are passed through to local entities. Additionally, 25% of the funds must be passed through to rural groups.
The purpose of the State and Local Cybersecurity Grant Program is to encourage state, local, and territorial (SLT) entities to strengthen their cybersecurity controls. As mentioned above, SLT entities face unique challenges defending against constantly evolving cyber threats and risks. They need guidance and support to manage cybersecurity-related issues.
ISA United’s commitment to advocating for legislation addressing cybersecurity best practices and incorporating Security by Design into any architecture can help SLT governments enhance their cybersecurity posture. We encourage SLT entities to design effective security architecture with a threat-driven approach to cybersecurity.