The $1.2 trillion Infrastructure, Investment, and Jobs Act signed into law at the end of 2021 includes $1 million to strengthen cybersecurity at state, local, tribal, and territorial government agencies.
Federal grants will be administered by the Cybersecurity and Infrastructure Security Agency (CISA), which falls under the U.S. Department of Homeland Security. Funds from the State and Local Cybersecurity Grant Program will augment support already provided by CISA to local governments and schools.
Monies will be allocated over the next four years in the following amounts:
- $200 million in FY 2022
- $300 million in FY 2024
- $100 million in FY 2025
State and Local Governments Under Threat
The funding could not come at a more critical time. A report by security firm Sophos characterized the threat of ransomware attacks on central government and non-departmental public bodies (NDPB), and local government organizations as a “national emergency.”
About 5,400 IT decision-makers in 30 countries were surveyed in January and February of 2021 for the report. Of those, 131 worked in local government and 117 at central government and NDPB.
Among the findings in central government and NDPB:
- 40% of the organizations were hit by ransomware in the last year.
- 81% of organizations had a malware incident recovery plan.
- Rectifying a ransomware attack costs an average of $1.37 million. This includes downtime, people time, device and network costs, lost opportunities, and ransom paid – among other factors.
Meanwhile, in local government:
- 34% were hit by ransomware in the last year.
- 69% of organizations hit by ransomware said cybercriminals were able to encrypt their data in the most significant attack.
- 73% of organizations had a malware incident recovery plan – the lowest of all the sectors surveyed.
Ways to Mitigate Cyberattack Risk
What can state and local governments do to protect themselves?
CISA offers free cybersecurity services and tools to state, local, tribal and territorial governments, to help advance their security postures.
These include CISA cybersecurity services, widely used open-source tools, and free tools and services offered by private and public sector organizations across the cybersecurity community.
Federal Cybersecurity Grants
According to StateTech magazine, CISA Director Jen Easterly is working with the Federal Emergency Management Agency (FEMA) to create guidance for the grant program. Funds should be made available within the next few months.
Now is the time for potential grant recipients to begin strategizing on how they’ll use the money. You should be thinking about more than bolstering existing protections. Consider how to expand them.
As our co-founder, Jim Barge is fond of saying, “This is not a ‘set it and forget it’ solution, but an ongoing process.”
SP6 Has Expertise in These Areas
If you are not sure where to begin, you’re not alone. This may appear to be a daunting task, given all the threats out in cyberspace.
However, our highly credentialed services team has the knowledge and years of experience to assist your organization, no matter the size. Contact us to find out how we can help.