Preparing for Federal Cybersecurity Grant Submission
The Infrastructure Investment and Jobs Act has opened a large pool of funds for state and municipal governments to protect their technology from security threats like ransomware. An effective and updated cybersecurity plan is critical to apply for available funds and enhance cybersecurity.
Municipal budgets provide little wiggle room for investing in new capabilities or technology. Nevertheless, they face no less a cybersecurity threat than well-resourced companies or government bodies. These are the local governments that administer emergency services, schools, and utilities, in addition to a variety of other critical capabilities.
The new funding would represent a crucial step in the right direction. A report by the Public Technology Institute found that 66% of respondents – 95 IT executives at local municipalities – felt their budgets were inadequate.
DHS Grants for State and Local Governments
The act increases the monies available through the Department of Homeland Security, allowing state and local governments to tap into significant resources for investing in data security.
For context, FEMA will oversee grant money allocated over four years. Funds for each year are set as $200 million available in 2022, $400 million in 2023, $300 million in 2024, and $100 million in 2025 for states, which will issue funds downward to counties and towns.
While this segmented approach may not permanently resource key roles or technology licenses, at the least, it proves a significant investment for applicants to overcome gaps stemming from aging technology.
Prepare for Cybersecurity Grant Application with a Cybersecurity Plan
Grant funding typically relies on an applicant’s ability to show, in detail, how approved funds would make a difference. Each application includes criteria that require applicants to have a cybersecurity plan before applying.
As Dan Lohrmann observes in this piece, an open question is whether these are an individual applicant’s plan or an entire state’s plan. Regardless, having a comprehensive cybersecurity plan is a critical component for protecting technology assets.
There are plenty of examples of poor cybersecurity measures that left towns and cities crippled.
- The worst story comes from Maryland, where the RobbinHood ransomware infected the city of Baltimore in May 2019. An initial demand for $76,280 in Bitcoin ballooned to $18.2 million in damages, reparations, later mitigations, and lost tax revenue.
- Malware researcher, Joe Stewart, who has analyzed RobbinHood, identified the ransomware as appearing to have “software-as-a-service” qualities, including a display panel and user interface. He speculated how attackers managed to gain access and observed that it disabled security services as it progressed.
- In August 2019, the State of Texas acknowledged ransomware attacks in at least 20 different municipalities.
Prepare Your Grant Application Now
While exact grant rollout details are not final, committing to a practical and actionable cybersecurity plan will not only enhance cyber risk management capabilities but maximize a grant application. To that end, now is the time to assess your existing systems and measure their strengths and weaknesses.