By Jonathan McCombs, Ph.D.
State and local governments make tempting targets for cyberattackers: They manage vast and vitally important data and infrastructure critical to national security, but they often lack essential measures needed to keep information and facilities secure.
Recognizing this threat, the federal government and many states are fighting back with cybersecurity funding. The impacts of the first year of grants are difficult to measure, but one thing is clear: Cybersecurity funding will remain a top priority for state and local governments.
Federal Cybersecurity Grants
One of the ways states are funding their cybersecurity efforts is through grants.
In 2022, the federal government provided $1 billion in cybersecurity grants to state and local governments through the State and Local Cybersecurity Grant Program (SLCGP). These grants can be used to fund a variety of cybersecurity initiatives, such as hiring cybersecurity professionals, implementing security technologies and conducting vulnerability assessments.
The initial round limited eligibility to states, with the assumption that states would sub-grant to local government partners. But early evidence suggests some states opted to provide shared services to local governments instead of sub-granting, citing a lack of staff to manage the sub-granting process.
It will be interesting to see whether this trend continues or adjustments are made at the federal level in response to it.
State Cybersecurity Funding
In addition to federal grants, states are also providing their own cybersecurity funding. For example, in 2022 the state of California allocated $100 million for cybersecurity initiatives. This funding will be used to hire more cybersecurity professionals, implement new security technologies and conduct vulnerability assessments.
States are also providing other resources to help improve the cybersecurity of their organizations. For example, many states have established cybersecurity task forces or centers of excellence. These organizations provide guidance and support to state agencies on cybersecurity best practices.
In addition, every state that applied for SLGCP funds was required to develop a statewide plan and a statewide advisory group. Understanding the people who make up these groups and how to interact with them will be an important strategic consideration for organizations and agencies requesting funding, as well as for vendors of cybersecurity solutions looking to sponsor clients. Sponsors can initiate development discussions with state-level technology leaders through organizations that support state-level chief information security officers and chief information officers. One such organization, the National Association of Chief Information Officers of the States, is an excellent avenue to discuss cyber planning, cyberinfrastructure, and software to support cyber defense initiatives at the state and local levels.
Local Government Considerations
Although much of the cybersecurity funding conversation is happening at the federal and state level, local government information security leaders will continue to yield influence. Before the entire $1B+ funds are spent through the SLCGP, there likely will be some consideration for direct grants or other additional resources to local governments as politicians at the local, state and federal level get more of a sense for how these funds are being allocated.
Additional avenues for grant funds are available for local governments to consider through foundations and other grant opportunities. Local governments should consider cybersecurity as an essential component of software and application purchases that support operations. Sponsors can help support local governments with grant writing services, such as those offered through Lexipol’s GovGrantsHelp assistance program.
Prepare Now!
The local and state government landscape for cybersecurity funding is a rapidly evolving opportunity for both local, tribal, and state governments and the sponsors that have products that address this pervasive issue. The federal government and many state governments have recognized the need. Now is the time to prepare to compete for grants that will help mitigate the alarming trend of increased cyberattacks against local and state governments.
About the author
Jonathan McCombs, Ph.D., is an educator, former police officer and investigator, and a grant consultant for Lexipol. He holds a Master of Science in Criminal Justice and a Ph.D. in Criminal Justice. Dr. McCombs’ dissertation studied problem-based learning in law enforcement in-service training. Over his 20+-year career in public safety and higher education, he gained considerable experience in criminal justice and cybersecurity. Dr. McCombs is the co-founder of the Center for Public Safety and Cybersecurity Education in the Midwest and is actively researching and writing in the field of cybersecurity and law enforcement.