Small government agencies are some the most lucrative targets for cyber attackers—and historically, among the least protected. Larger entities can invest in the latest cybersecurity tools and experienced security teams. But state, local and tribal agencies are often at a stark disadvantage vs. well-seasoned, amply funded cyber criminals.
Last October, we blogged about the State and Local Cybersecurity Grant Program (SLCGP), a federal effort designed to even those odds. The SLCGP has pledged more than $1 billion over four years to help state and local governments shore up their cyber defenses. To get a share of the funds, grant applicants must build and roll out a plan for reducing cyber risk and increasing cyber resilience.
Here's an update on the program.
So far, 54 of 56 eligible entities have applied for the Notice of Funding Opportunity (NOFO). Of those, 10 submitted their plans. (Grantees weren’t required to have the details of their plans ready in the first year. But this year, they must submit a plan and get it approved by the U.S. Department of Homeland Security, which is running the program.)
The Year Two NOFO, due in late spring 2023, will have full funding for all 56 eligible entities ($400 million). They will have four years from the award (2027) to spend the money. Officials will dole out the funds based on population and what impact the funding will have on rural communities.
Other potential funding streams for cybersecurity improvement
Beyond the SLCGP, other programs exist to help support state and local security efforts.
For instance, the Infrastructure Investment and Jobs Act (IIJA) offers funding to help safeguard infrastructure that could be compromised in a cyber attack. These include broadband networks, energy grids and other vital systems.
COVID-19 relief programs can also provide cybersecurity funding for state and local agencies. The American Rescue Plan Act (ARPA) is just one example. It has “use it or lose it” deadlines:
- Obligated by December 31, 2024
- Expended by December 31, 2026
Making the most of federal funds
Here are a few best practices can help grant recipients make the most of their cybersecurity budget and improve their cyber defenses for the long haul:
- Review capability gaps
- Explore the longevity of solutions for addressing security gaps
- Consider cybersecurity’s impact on the workforce
- Align deployment with internal stakeholder adoption
All workers with access to sensitive data such as personally identifiable information (PII) need effective security awareness training. They also must be vigilant about cybersecurity updates and upgrades.
Organizations should also identify cybersecurity skills gaps. To address gaps, public-private partnerships and trusted advisers can provide services in tandem with solutions. That will help existing IT staff focus on big-picture programs and plans for improving cybersecurity.
Learn more about how Proofpoint helps state and local governments protect people and defend data at proofpoint.com/us/solutions/state-and-local-government