Understanding the State and Local Cybersecurity Grant Program

Earlier this year, Pennsylvania became the first state to acknowledge it will receive federal funding under the State and Local Government Cybersecurity Grant Program (SLCGP). Pennsylvania explained that the money came to $5.2 million, and said that local governments could apply for funds through a competitive grant program the state will administer.

The good news is that money for state and local government cybersecurity efforts will be available for a few years, despite recent federal discussions over budgets and funding. Congress has authorized an appropriation of cybersecurity funding for SLGCP of $400 million for FY 2023, $300 million for FY 2024, and $100 million for FY 2025.

This money is meant to be spread out to local usage, and not just to fund cybersecurity measures at the individual state level. States must allocate at least 80% of their funding to local and rural communities, with a minimum of 25% going to rural areas. There is also a Tribal Cybersecurity Grant Program for federally recognized tribes that have not applied under the SLCGP.

According to Government Technology, the last few years have seen several large-scale federal funding packages, many of which end up in individual state CIO offices.  Most, if not all states, are happy with the funding offers to modernize legacy systems, support connectivity and bolster cyber defenses. But New Hampshire CIO Denis Goulet makes another point, “We have that fast pace that we have to go, particularly for ARPA (American Rescue Plan Act) because you must have the funds encumbered by a certain point and then fully expended by a certain point. What I find myself doing is pushing my team and the agencies harder than I might normally do to deliver results, so that we’re not leaving money on the table on those projects.”

StateTech explains the first step for governments seeking funding: “The initial priority for all entities seeking funding is to prepare a representative and competent cybersecurity planning committee. Understandably, half of the members must be IT or cybersecurity professionals. But while technical acumen is important, a statewide committee will require input from professionals in many fields. Public health representatives and public education representatives must also sit on the committee, which is useful, considering hospitals and schools are often the targets of cyberattacks.”

Specifically, the Cybersecurity Planning Committee must include representation from each of the following, according to the Cybersecurity and Infrastructure Security Agency (CISA):

• The eligible entity.   
• The Chief Information Officer (CIO), the Chief Information Security Officer (CISO), or equivalent official of the eligible entity.
• If the eligible entity is a state, then representatives from counties, cities and towns within the jurisdiction of the eligible entity. 
• Public education institutions within the jurisdiction of the eligible entity.
• Public health institutions within the jurisdiction of the eligible entity; and
  
• As appropriate, representatives of rural, suburban, and high population jurisdictions, and;
• At least half of the representatives of the Cybersecurity Planning Committee must have professional experience in cybersecurity or information technology.

To help committee members and administrators alike, FEMA offers a list of frequently asked questions and helpful answers about the SLCGP, as well as a downloadable grants manual.

In most cases, the State Administrative Agency (SAA)  is responsible for managing the grant application and award. That agency is responsible for ensuring at least 80% of the federal funds awarded under the SLCGP are distributed to local entities.  The way the system is currently structured, local governments can’t apply directly and must work with their state’s SAA and Cybersecurity Planning Committees. FMEA provides a helpful list of State Administrative Agency contacts, with phone numbers, email addresses and state websites.

Local governments are loosely defined, and they include: a county, municipality, city, town, township, local public authority, school district, special district, intrastate district, regional or interstate government entity, or agency or instrumentality of a local government, an Indian tribe or authorized tribal organization, and a rural community, unincorporated town or village, or other public entity.

According to the National League of Cities, State Municipal Leagues are another essential partner for local government in pursuing these funds. Cities, towns and villages should connect with their State Municipal League to help their funding requests to their  SAA. The National League of Cities has compiled contact information for each State Municipal League.

Spectrum Enterprise can help

While developing a plan, governments should consider that Spectrum Enterprise has over 20 years of experience designing, implementing and managing IT solutions for state and local governments across the US.  Our team of certified experts can design the best networking and connectivity solutions for your operational continuity and disaster recovery plans. Spectrum Enterprise offers fully managed or co-managed network infrastructure solutions, designed to take the burden off overworked IT staff. 

For cybersecurity specifically, Spectrum Enterprise enables safer, more effective and efficient interaction between users, systems and content. Secure Access with Cisco Duo and Cloud Security with Cisco+ Secure Connect are built with trusted, leading-edge technology and expert support, that enables teams to be more informed and more responsive for single and multi-site organizations alike.