$1 Billion Cybersecurity Grant Unlocks Funds for Local Governments

A cybersecurity grant called the State and Local Cybersecurity Improvement Act is part of the Biden administration’s $1.2 trillion Infrastructure Investment and Jobs Act signed into law on November 6, 2021. This new $1 billion Department of Homeland Security (DHS) grant program was written to address cybersecurity risks and threats to local or tribal governments. The funds are to be released between 2022 and 2025. All 56 states and territories are eligible to apply for grant funds. The good news for smaller Pennsylvania municipalities and boroughs is that 80% of all state funds acquired must be redistributed to local governments, with rural communities getting 25%. 

How to take advantage of this cybersecurity grant

UPDATE: PEMA Issues Survey of Interest: SLGCP Initiatives for 2023 Federal Fiscal Year

The Commonwealth surveyed local government entities to determine the level of interest in the SIEM and Vulnerability Management initiatives for FFY 2023.  The deadline was Friday, February 16, 2024. The survey is currently closed.
 
Please note that the survey was just the first of several steps in the process of receiving services through the SLCGP.  Future steps will be communicated as needed to ensure your organization is fully aware of any required actions to continue to move forward through the process.
 
Please direct all questions to slcgp-pa@pa.gov.

More on the grant

The State and Local Cybersecurity Grant Notice of Funding Opportunity’s (NOFO) total funding available for fiscal year 2023 is $374 million according to FEMA’s website. Applying for the grant is a multi-step process and can be complete on grants.gov.

An eligible entity must submit their Cybersecurity Plan for federal approval by the Cybersecurity Planning Committee and the State Chief Information Officer, Chief Information Security Officer, or an equivalent state officer within one year of their application to be eligible for year two funding. This plan must explain / include the following:

1. Enhance state and local government capabilities to identify and mitigate network
   cybersecurity vulnerabilities.
2. Provide for consistent monitoring and tracking of network traffic to identify cyber
   threats.
3. Implement processes to provide for continuous cybersecurity vulnerability
   assessments and threat mitigation practices to include information and operational
   technology systems.
4. Promote the delivery of safe, recognizable and trustworthy on-line services to
   include local government adoption of the .gov internet domain.
5. Promote continuity of operations of state and local government information
   systems in case of a cyber incident.
6. Enhance state and local cybersecurity information sharing capabilities.
7. Develop and coordinate strategies to address cybersecurity risks and threats.

CISA supplies a free plan template on their website: Cybersecurity Plan Template (click “Related Documents” tab to download) Please check out their website, as there are many other free resources there to help with the application requirements.

In addition to your cybersecurity plan, your municipality must create a committee to oversee cybersecurity planning. Keep in mind when forming your committee that the law stipulates that at least half of the cybersecurity planning committees members have cybersecurity expertise and that the education and public-health industries be represented.

What to do with grant funds

Decision fatigue can be a real thing. The DHS has suggestions on what to do with the funds. Parties awarded these cybersecurity grant funds may use them to:

1. Implement the Cybersecurity Plan of the eligible entity.
2. Develop or revise the Cybersecurity Plan of the eligible entity.
3. Pay for expenses directly related to administration of the grant, but not to exceed 5% of
   the amount of the grant.
4. Assist with approved activities that address imminent cyber threats.
5. Fund any other activity approved by the DHS Secretary.

What to do about cybersecurity now

While waiting for state funds to trickle down or waiting for the cybersecurity grant application process to be completed, your borough or municipality can take steps to improce cyber security right now.

1. Check out the CISA website, as it has a wealth of information including that free cybersecurity plan template.
2. Make sure that your passwords are not default or reused passwords.
3. Ensure all software and hardware security is up-to-date.
4. Practice good data management – only those who need the information for their job should have it, and stale data should be deleted.
5. Secure personally identifiable information (PII) when sending and storing.
6. Sign up for our newsletter to see the latest, free cybersecurity poster.