As many of you may now know, the Department of Homeland Security is making a significant investment to address cybersecurity risks and threats to information systems owned or operated by, or on behalf of, state, local and territorial governments.
Last week, the federal government advanced further, announcing the appropriation of $1 billion pool of grant money for state, local and territorial governments to defend themselves against cyber intruders. Municipalities, state departments of education, state university systems and local town-level governments, typically lack the necessary resources to fully combat cybercrime and are prime targets for hackers in extortion plots to steal money and exfiltrate data. The new funding, is intended to assist state, local and territorial governments to enact plans and programs tailored to their own needs.
This $1 billion will be allocated over four years, with $185 million reserved for 2022 with more allocated during each of the next three years during what is called the performance period.
Now, here is the key. This program helps the eligible entities address cybersecurity risks and threats for systems owned or operated on behalf of state, local and territorial governments but the apportionment of funds is not completely up to the discretion of the state. Each state must submit a plan for approval by the Cybersecurity and Infrastructure Security Agency (most of us know them as CISA). Each state who receives an allocation must spend 80% of it on local and rural communities and 3% more on tribal governments.
Eligible entities can submit an application via Grants.gov. CISA and FEMA will review each submission, and CISA will approve final Cybersecurity Plans and individual projects. There is no time for states to waste. Applicants must apply for a grant in the next 60 days, and may use the federal dollars toward new or existing cybersecurity programs. Local entities receive sub-awards through their states.
Most importantly CISA has developed a series of overarching goals and objectives for the submitted cybersecurity plan based on input from state, local, and territorial stakeholders, and consideration of national priorities, frameworks, and the national cyber threat environment. The plan must include:
- Implement cyber governance and planning;
- Assess and evaluate systems and capabilities;
- Mitigate prioritized issues; an
- Build a cybersecurity workforce.
It is not possible to meet these overarching goals without defining a comprehensive and proactive cybersecurity approach that limits volatility, uncertainty, complexity and ambiguity, all enemies of a successful cybersecurity program. That is why comprehensive cybersecurity for the digital economy like Seceon Open Threat Management is very appropriate towards meeting these goals and objectives, providing demonstrable and dramatic improvements while offering a significant culture shift in the prioritization of appropriate risk management.
For more information on formulating your plan and providing you with the content you need to submit regarding your grant request, please contact me at firstname.lastname@example.org. We will save you time, expense, and complexity, providing you the best opportunity to secure your funds for the 2022 appropriation and subsequent ones in future years.