Each states will each receive a minimum of $2 million for FY 22 for a planning committee and a cybersecurity plan that details how it will reduce their cybersecurity risks.
The Department of Homeland Security on Sept. 16 took the wraps off its long-awaited cybersecurity grant program for state, local and territorial governments.
With funding from the Bipartisan Infrastructure Law, $1 billion over four years will be available -- with $185 million available for FY22 -- to address cybersecurity risks and threats to information systems owned or operated by state, local and territorial governments.
The funds will be distributed through two programs. Under the State and Local Cybersecurity Grant Program states must allocate at least 80% of their funding to local and rural communities, with a minimum of 25% going to rural areas and 3% to tribal governments. Tribal Cybersecurity Grant Program is for federally recognized tribes that have not applied under the SLCGP.
The primary goals of the programs are to help state, local and territorial governments implement cyber governance and planning, assess and evaluate their systems and capabilities, mitigate prioritized issues and build a cybersecurity workforce.
Each state will receive a minimum of $2 million for FY 22 to form a required cybersecurity planning committee that will help them identify, prioritize and lead their efforts. A mandatory statewide cybersecurity plan establishes the high level goals and specific objectives a state will use to reduce cybersecurity risk.
The plan must discuss cybersecurity best practices and include 16 required elements that cover managing and monitoring information systems, applications, networks and user accounts – including those of critical infrastructure. Continuous vulnerability assessments and threat mitigation are also required as are continuity of operations plans and use of the .gov domain. States must also detail how they will mitigate cybersecurity workforce gaps and share threat information.
With this funding, the administration aims to better equip state and local governments to address cybersecurity risks, ensure resilience against threats to services they provide and strengthen the cybersecurity of their critical infrastructure.
“The State and Local Cybersecurity Grant Program will play a critical role in helping these organizations build their capability and capacity,” said Jen Easterly, director of the Cybersecurity Infrastructure and Security Agency. “We encourage all eligible entities to apply for grant funds to protect our critical infrastructure and communities from malicious cyber activity and to grow their partnership with CISA. CISA is here to provide the expertise, tools, and technical assistance to be a reliable partner to state, local, and territorial governments in combating the growing cyber threats they face each day.”
Applicants have 60 days to apply for a grant for this year’s funding.