With the passage of the Bipartisan Infrastructure Law, the White House announced, “$1 Billion in Funding for First-Ever State and Local Cybersecurity Grant Program,” in an effort to put money into the hands of local governments to mitigate against hacks and prevent exposure of sensitive government data as a result of data breaches. But why is the federal government so concerned about local government cybersecurity? And why should local governments feel a need to modernize their computer systems?
Data breaches of local governments are becoming more frequent and costly. Hackers aren’t discriminating by region either, with cities as large as Atlanta to townships with populations as small as 13,000 in Texas (to even state governments and federal institutions) facing devastating financial consequences and the loss of critical government data in recent years.
Learn more about why the federal government is wisely encouraging local governments to take action, and how you can leverage federal grants to be resilient against ransomware attacks and hackers.
What is the State and Local Cybersecurity Grant Program Program?
President Joe Biden recently announced that $1 billion in funds set forth in the Bipartisan Infrastructure Law is being made available, “over four years to help States and Territories become more resilient to cyber threats,” with $185 million being made available in 2022.
For local governments, this news means that you’re able to start applying for the federal State and Local Cyber Security Grant Program (SLCGP) now as it pertains to upgrading your government information technology systems to prevent ransomware attacks and other damaging cyber attacks.
Why is the Federal Government Taking Action to Ramp Up Municipal and County Cybersecurity?
“Cyberattacks have emerged as one of the most significant threats to our homeland” - Secretary of Homeland Security Alejandro N. Mayorkas
In recent memory, governments of all sizes and regions have been hacked across the United States. Foreign hackers performing government data breaches are typically in search of critical and private government data, with the goal to collect a ransom for the safe return of the data. When governments refuse to pay the ransom (which the FBI discourages doing) critical data is oftentimes lost permanently. In Atlanta, it cost the city government as much as $17 million in taxpayer dollars to address and overcome a data breach in 2018.
In order to keep your private government data secure as hack attempts against governments continually occur (and often succeed) you’ll need to use federal grants and your local government budget to address the issue and improve your IT systems for cybersecurity.
How Can Local Governments Apply for Federal Cybersecurity Grants?
On September 16, 2022, the Department of Homeland Security released a Notice of Fund Opportunity (NOFO) allowing state, local, and territory governments to request grant funds to allocate towards local cybersecurity infrastructure. Within this NOFO, clear instructions are outlined for how a locality can receive grant funds.
At a glance, you’ll need to:
- Coordinate a Cybersecurity Planning Committee.
- Develop a Cybersecurity Plan outlining what actions you plan to implement with grant funds.
- Use government key performance indicators to, “conduct assessment and evaluations as the basis for individual projects throughout the life of the program.”
- Implement cybersecurity best practices in your locality.
Here are more details the key actions your municipal, county, or territory government will need to take in order to receive money for local cybersecurity projects.
Coordinating a Cybersecurity Planning Committee
Consider which local government officials within your community are well suited to be on your Cybersecurity Planning Committee (CPC). Consider that your CPC will
- “[develop, implement, and revise a] Cybersecurity Plan”
- work with the chief information officer or chief information security officer (or an equivalent official) to formally approve the Cybersecurity Plan
- prioritize which cybersecurity implementations will be prioritized using grant funds
The following data will need to be included in the Cybersecurity Plan formed by your CPC:
- “The eligible entity”
- “Institutions of public education within the eligible [local government’s] jurisdiction”
- “Institutions of public health within the eligible [local government’s] jurisdiction”
- “representatives from [your] rural, suburban, and high-population [jurisdiction]”
The NOFO specified that your Cybersecurity Plan should be a, “Comprehensive strategic plan to reduce cybersecurity risk and increase capability across the entity…[and] should cover 2 to 3 years.” For more details, see appendix two in the NOFO plan.
Cybersecurity Best Practices for Local Governments
Here are the elements laid out as best practices by the Department of Homeland Security that need to be considered by local governments:
- “Manage, monitor, and track information systems, applications, and user accounts…”
- “Monitor, audit, and track network traffic and activity transiting or traveling to or from information systems, applications, and user accounts…”
- “Enhance the preparation, response, and resilience of information systems, applications, and user accounts…”
- “Implement a process of continuous cybersecurity vulnerability assessments and threat mitigation practices prioritized by degree of risk to address cybersecurity risks and cybersecurity threats on information systems, applications, and user accounts…”
- “Ensure that the state or local governments within the state, adopt and use best practices and methodologies to enhance cybersecurity, discussed further below.
- “These 5 priorities are consider a must to include in your Cybersecurity Plan:
- “Implement multi-factor authentication
- Implement enhanced logging
- Data encryption for data at rest and in transit
- End use of unsupported/end of life software and hardware that are accessible from the Internet
- Prohibit use of known/fixed/default passwords and credentials
- Ensure the ability to reconstitute systems (backups)
- and Migration to the .gov internet domain.”
- “Promote the delivery of safe, recognizable, and trustworthy online services by the…local governments… including through the use of the .gov internet domain.”
- “Ensure continuity of operations of… local governments… in the event of a cybersecurity incident, including by conducting exercises to practice responding to a cybersecurity incident.”
- “Use the National Initiative for Cybersecurity Education (NICE) Workforce Framework for Cybersecurity developed by NIST to identify and mitigate any gaps in the cybersecurity workforces of…local governments within the state, enhance recruitment and retention efforts for those workforces, and bolster the knowledge, skills, and abilities of personnel …to address cybersecurity risks and cybersecurity threats, such as through cybersecurity hygiene training.”
- “Ensures continuity of communication and data networks within the jurisdiction of the… local governments… in the event of an incident involving those communications or data networks.”
- “Assess and mitigate, to the greatest degree possible, cybersecurity risks and cybersecurity threats relating to critical infrastructure and key resources…”
- “Enhance capabilities to share cyber threat indicators and related information between the state, local governments within the state, and CISA.”
- “Leverage cybersecurity services offered by the Department [of Homeland Security]”
- “Implement an information technology and operational technology modernization cybersecurity review process that ensures alignment between information technology and operational technology cybersecurity objectives.”
- “Develop and coordinate strategies to address cybersecurity risks and cybersecurity threats…”
The DOHS recommends going beyond these elements when applying for federal grants. Consider the Local Government Cybersecurity guide for more inspiration.
Also consider crafting a Local Government Cyber Security Management Plan like New York has just deployed to stay on top of strategic cyber security plans.
How Important is Local Government Technology to Cybersecurity?
If you’re using antiquated government digital platforms, or even still using paper and on-site computer systems, you’re at serious risk of a data breach. By switching to cloud-based government software, government data across departments will be automatically backed-up and updated in real-time. The cloud is substantially more difficult to hack into than on-site servers, and the regular back-ups ensure you’ll never lose access to your critical data. Plus, the onboarding process for GovPilot includes cybersecurity training for local government officials, so community-wide officials will be educated on phishing scams as they embrace digital infrastructure.
As you receive federal grants, your Cybersecurity Planning Committee should consider modern local government technology as an integral part of your Cybersecurity Plan. To learn more about how GovPilot can help, book a free demo.
Federal Cybersecurity Grants FAQs
What is the State and Local Cybersecurity Grant Program(SLCGP)?
The State and Local Cybersecurity Grant Program (SLCGP) is the allocation of federal funds provided in the Bipartisan Infrastructure Law recently signed into law by President Joe Biden. The federal funds are meant to allow state and local governments to upgrade their cybersecurity measures and protocols as government data breaches become more frequent.
Is GovPilot Cyber Secure?
GovPilot was built to help local governments make a full digital transformation. That’s why our digital infrastructure is stored in the cloud with Microsoft Azure. Your local government data will be significantly more cyber secure than using in-house servers (and even more so if your locality used paper-based workflows) and will be automatically backed up to ensure critical data will be safe from a ransomware attack.
How Can Your Local Government Plan for Federal Grants?
The Department of Homeland Security is requiring local governments to form a Cybersecurity Planning Committee to form a Cybersecurity Plan for your community. To begin, consider the most qualified technology experts in your local government that would be well-suited to set up your short-term and long-term cybersecurity strategy. As your team makes considerations for grant allocation, pay clear attention to the cybersecurity best practices the Department of Homeland Security encourages you to include in your plan, and consider which government technology will best secure your government data across departments.
What Cybersecurity Best Practices Does the Department of Homeland Security Discuss?
Click here for a full list of best practices in Appendix C of the NOFO released by the DOHS.
At a high-level, here are a few local government cybersecurity best practices to consider:
- Your locality needs to have a plan for continuity of government in the wake of a data breach.
- Your IT systems should be moved to the cloud for automated data back-up and better cybersecurity.
- Your local government should have an employee training program in place to educate government officials on the best practices for preventing data attacks.
- Offer digital services from your .gov website with cybersecure government software.
- Instill regular IT check-ups to ensure continued cybersecurity.
Local Government Automation: Benefits of Going Digital