Tap Into Federal Funds to Improve Cybersecurity
September 05, 2023 by Tim Walsh
From the Solar Winds to Colonial Pipeline attacks, recent news cycles are full of cyberthreats to local, state, and federal governments. The rate of cyberattacks on school districts has also risen rapidly in recent years. Throw in the threat of hackers' use of artificial intelligence, and you have serious worries keeping IT professionals up at night.
It's no wonder cybersecurity sits atop Gartner1 and NASCIO2 IT priority lists.
In recognition of the increasing threat landscape, federal legislation provides school districts and state and local governments with resources to respond to and prepare for attacks.
The two most impactful federal efforts include:
- The State and Local Cybersecurity Grant Program: Designed to prevent and respond effectively to future attacks, the program is slated to provide $374.9 million in fiscal year 2023 and $400 million more over the next two years.
- The Cyber Response and Recovery Fund: Designed to support responses after an attack, the fund provides $20 million a year from 2022 through fiscal year 2027.
Below are highlights of these programs and links to help you learn how you may be able to secure funds to strengthen your cybersecurity.
State and Local Cybersecurity Grant Program
Funded through the Infrastructure Investment and Jobs Act of 2022, the State and Local Cybersecurity Grant Program is designed to “award grants to eligible entities to address cybersecurity risks and cybersecurity threats to information systems owned or operated by, or on behalf of, state, local, or tribal governments.”
The program, which provides $1 billion in funding over five years, allows systems under these entities — including schools districts — to develop, revise, or implement their cybersecurity plan. These funds, however, cannot be used to pay a ransom or for any purposes outside of addressing threats and mitigating risk.
The program, launched in 2022, provided $374.9 for fiscal year 2023. The grant authorizes the following funding:
- $300 million for FY 2024
- $100 million for FY 2025.
Funding may be used to:
- Develop, revise, or implement a cybersecurity plan, which must be submitted for review to be eligible for grant funding
- Implement cybersecurity projects
- Address imminent cybersecurity threats
Application Process and Timeline
Local governments, including school districts, are eligible sub-recipients through their respective states and territories. The funding is passed down from the state to local governments. The 2023 Notice of Funding Opportunity, published in August of 2023, provides recent details.
The Department of Homeland Security implements the State and Local Cybersecurity Grant Program through the Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA).
The program is designed to allocate funding where it is needed most: into the hands of local entities. States and territories use their State Administrative Agencies (SAAs) to receive program funds from the federal government. The SAAs then distribute sub-awards to local governments in accordance with state law and procedures. For a list of State Administrative Agencies.
For 2023, DHS issued the program's Notice of Funding Opportunity (NOFO) in August 2023. The notice includes all requirements and details, including information on funding eligibility for states and territories.
The legislation requires states to distribute at least 80% of funds to local governments, with a minimum of 25% of the allocated funds distributed to rural areas.
Eligible entities can apply via Grants.gov. Applications may include a completed Cybersecurity Plan, capabilities assessment, and individual projects approved by the Cybersecurity Planning Committee and CIO/CISO/equivalent. Grant applications are due Oct. 6, 2023.
CISA and FEMA will review each submission. Then, CISA will work with states and territories to address any missing content and/or approve final Cybersecurity Plans and individual projects.
2024 funding will likely follow the same process.
The Cyber Response and Recovery Fund
In addition, the federal government has added funding to help governments impacted by cyberattacks.
Part of the 2021 Bipartisan Infrastructure Bill, the $100 million Cyber Response and Recovery Fund is available to state, local, and Tribal governments to support entities impacted by a cybersecurity incident with the response to, remediation of, or recovery from the incident, including coordination.
This program allocates $100 million over five years (ending in 2027) to establish a fund that the Cybersecurity and Infrastructure Security Agency can tap into in the event of a significant cyber incident when other resources are deemed insufficient.
The funds, which are available after a Secretary of Homeland Security emergency declaration, can support the following efforts associated with "a specific significant incident":
- Technical and advisory assistance to protect assets, mitigate vulnerabilities, and reduce related impacts
- Risk assessments for critical infrastructure impacted by the incident
- Developing plans to mitigate the risk
- Facilitating information sharing in conjunction with entities performing threat response activities
- Obtaining guidance on how to use federal resources best to fast-track recovery from the incident
The funds are also available to use for response and technical activities related to an identified incident. Uses include:
- Vulnerability assessments and mitigation
- Technical incident mitigation
- Malware analysis
- Analytic support
- Threat detection and hunting; and
- Network protections
The funds may also be used on hardware or software to replace, update, improve, harden, or enhance the functionality of existing hardware, software, or systems. This can include technical contract personnel support, such as Tyler's Cybersecurity suite of services.
To Learn More:
References: