Cyber attacks on state and government infrastructure can have far-reaching and significant impacts on various levels. These attacks can disrupt critical services, compromise sensitive information, and undermine the functioning of government institutions.
To combat these increasing cyber attacks, the Department of Homeland Security announced the availability of an additional $374.9 million in grant funding for the Fiscal Year (FY) 2023. Established by the State and Local Cybersecurity Improvement Act, and part of the Bipartisan Infrastructure Law, the SLCGP provides $1 billion in funding over four years to support SLT governments as they develop capabilities to detect, protect against, and respond to cyber threats. This year’s funding allotment represents a significant increase and demonstrates the Administration and Congress’s commitment to help improve the cybersecurity of communities across the nation.
Who is eligible?
All 56 states and territories, including any state of the United States, the District of Columbia, Puerto Rico, American Samoa, the Commonwealth of the Northern Mariana Islands, Guam, and the U.S. Virgin Islands, are eligible to apply for SLCGP funds. To be eligible to receive FY 2023 SLCGP funding, states and territories must have fulfilled the FY 2022 SLCGP requirements of a CISA-approved Cybersecurity Plan, Cybersecurity Planning Committee List, and Charter.
What are the grant requirements?
- Establish a Cybersecurity Planning Committee;
- Develop a state-wide Cybersecurity Plan, unless the recipient already has a state-wide Cybersecurity Plan and uses the funds to implement or revise a state-wide Cybersecurity Plan;
- Conduct assessment and evaluations as the basis for individual projects throughout the life of the program; and
- Adopt key cybersecurity best practices.
How to apply for the grant
The State Administrative Agency (SAA) is responsible for managing the grant application and award. Local governments are eligible as subapplicants to their SAA and must work with their state or territory’s Cybersecurity Planning Committee to receive subawards. Working with the Cybersecurity Planning Committee, the SAA must ensure at least 80% of the federal funds awarded under the SLCGP are passed-through to local entities. In addition, at least 25% of the total funds made available under the grant must be passed through to rural communities. Receipt of funds occurs when the SAA accepts the award or 15 calendar days after the entity receives notice of the award, whichever comes first.
States and territories must submit Cybersecurity Plans for review and approval as part of the grant application. If the state or territory is applying for grant funds to develop a Cybersecurity Plan, the plan is not required to be submitted as part of the FY 2022 application. The deadline for Cybersecurity Plan submission is September 30, 2023.
If your organization is planning to apply for this grant, then they should work with the State Administrative Agency (SAA) on getting their Cybersecurity Plan approved. Developing a Cybersecurity Plan requires a comprehensive assessment of the organization’s operating environment and its specific business needs. Ultimately, implementing a cost-effective cybersecurity framework includes careful consideration of how you identify, protect, and recover critical assets, as well as detect and respond to security breaches. The Cybersecurity Plan should establish high level goals and finite objectives to reduce specific cybersecurity risks across the eligible entity. The Cybersecurity Plan should also serve as the overarching framework for the achievement of the SLCGP goal, with grant-funded projects working to achieve outcomes. Regional approaches, as part of an entity-wide approach, should also be considered.
The team at Cyberator can work collaboratively with you to develop your Cybersecurity Plan and implement programs that are not only effective, but sustainable. Feel free to reach out to us.
Where Can I go For More Information?
For more information please visit www.cisa.gov/CyberGrants.