The U.S. Department of Homeland Security (DHS) and Federal Emergency Management Agency (FEMA) recently released the notice of funding opportunity for the State and Local Cybersecurity Grant Program (SLCGP). This program is funded through the Bipartisan Infrastructure Law and provides a total of $1 billion dollars in cybersecurity related funding over the next four years, with $185 million dollars available for FY22, specifically targeted to state, local and territorial governments across the nation.
This program aims to support state, local and territorial efforts to address cyber risks that may exist or threaten their information systems. Through the funding, state and local governments will be better equipped to address cybersecurity risks, strengthen the cybersecurity of their critical infrastructure, and ensure resilience against persistent cyber threats for the services the government organization provides.
The release of this program comes right before the start of National Cybersecurity Awareness Month (October). This is a month that has been recognized since 2004, and lead by a collaborative effort between government and industry partners to raise cybersecurity awareness across communities both nationally and internationally. Cybersecurity is an important issue facing local governments, from addressing threats in their infrastructure to identifying best practices and resources to help residents and staff members protect themselves from cyber threats, and the new funding available through the SLGCP is an opportunity for local governments to better protect and respond to cyber threats.
What is This Program For?
There are four main objectives of the SLGP. Applications will need to address how a proposal meets the objectives listed below.
- Governance and Planning: Develop and establish appropriate governance structures, including developing, implementing, or revising cybersecurity plans, to improve capabilities to respond to cybersecurity incidents and ensure continuity of operations.
- Assessment and Evaluation: Understand their current cybersecurity posture and areas for improvement based on continuous testing, evaluation, and structured assessments.
- Mitigation: Implement security protections commensurate with risk.
- Workforce Development: Ensure organization personnel are appropriately trained in cybersecurity, commensurate with responsibility.
The additional components of an eligible application include:
- 1) A cybersecurity plan (unless requesting exception);
- 2) Proposed projects that align with the plan; and
- 3) The eligible entity must establish a cybersecurity planning committee comprised of the following members: the eligible entity, the Chief Information Officer or equivalent official of the eligible entity, representatives from counties, cities, towns (local governments) within the eligible entity, institutions of public education and health and representatives of rural, suburban, and high-population jurisdictions as appropriate.
Who is Eligible to Apply?
The open application for this funding is only available to state governments. Local governments cannot apply directly for the FY2022 funds and will need to wait for their state to be awarded their allocated funds of which 80% of these funds is required to be passed down to local governments. Additionally, 25% of the funds are required to be allocated to rural areas.
To be awarded the funding, each State’s identified State Administrative Agency (SAA) will need to apply for the assistance funds. Additionally, to be eligible for the FY2022 funds, each SAA must submit a cybersecurity plan that meets certain criteria.
The allocation of funding to states will be done by a baseline minimum level of funding for each state and territory based on population. To find out how much has been allocated to your state or territory, refer to pages 7-9 of the notice of funding opportunity.
How can Cities, Towns and Villages Interested in this Program Engage Today?
Local governments should begin to coordinate with the key partners listed below to have the best opportunity for this funding in the future.
- State Administrative Agent: The SAA in your state will be the only entity eligible to submit an application for the FY2022 SLCGP funds. The notice of funding encouraged the eligible entities to prioritize establishing the cybersecurity planning committees, the development of state-wide cybersecurity plans, conducting assessments and evaluations as the basis for individual projects, and adopting key best practices. Local governments should reach out to their SAA to get involved in the state’s plan to apply for funding and encourage their SAA to apply for the funding available. A full list of SAA contacts can be found at this link.
- State Municipal Leagues: Your State Municipal League is another essential partner in pursuing these funds. Cities, towns and villages should connect with their State Municipal League to share your desire for these funds at the state level through the State Municipal League’s advocacy efforts and contacts, specifically with the SAA. In addition to encouraging the state apply for these funds, the State Municipal Leagues might also consider advocating for a seat at the planning committee, especially to represent the interests of their dispersed or more rural cities, towns or villages, who may not have the ability or access to participate in these meetings. Contact information for each State Municipal League can be found at this link.
Other Important Resources
- To become a 2022 Cybersecurity Awareness Month partner and receive a toolkit of resources, email: firstname.lastname@example.org
- NLC-RISC and NLC-MUTUAL Cyber Roadmap Resource
- Cybersecurity and Infrastructure Security Agency SLCGP Frequently Asked Questions
- Department of Homeland Security SLCGP Fact Sheet