CISA, DHS Bolster State and Local Cybersecurity Programs

The Cybersecurity and Infrastructure Security Agency authorized California-based communications company Viasat to receive sensitive and classified indicators of compromise from the federal government in order to better protect their U.S.-based customers from cybersecurity threats.

The company joins AT&T and Lumen as members of the Enhanced Cybersecurity Services program, which aims to augment intrusion detection for U.S. organizations, with federal aid for state and local entities to participate. The ECS providers will apply their access to sensitive and classified information to domain name service sinkholing, email filtering and netflow analysis, according to CISA’s description of the program. 

“We are pleased to add an additional service provider to the ECS program,” said Acting CISA Director Brandon Wales in a press release Tuesday. “This announcement follows a rigorous accreditation process designed to ensure the security of classified information and the privacy of end-use customers. ECS remains the only commercially available service capable of automated sensitive and classified information sharing. We believe this new partnership highlights our continued commitment to using a variety of tools to enhance the nation’s cyber defense posture.”

Cybersecurity experts, including former CISA Director Christopher Krebs, advocated federal agencies and critical infrastructure entities making greater use of shared services CISA offers after the massive hacking campaign involving network management company SolarWinds and the breach of a Florida city’s water treatment facility. 

The Biden administration has called for more than $9 billion in a COVID stimulus funding bill for CISA and agencies to modernize their technology. While the Associated Press reported passage might have to wait for another vehicle, such as an infrastructure bill, CISA expects that the hacking campaign will drive more funding its way. 

On Monday, the Department of Homeland Security announced plans to increase the amount recipients of its Federal Emergency Management Agency grants will have to spend on cybersecurity as well as the possibility of additional grants. 

“This week, Secretary [Alejandro] Mayorkas will increase the required minimum spend on cybersecurity through FEMA grant awards,” according to a press release. “To accelerate critical improvements in state and local cybersecurity, CISA will urgently evaluate and implement additional capabilities including potential new grant programs that will enable critical security investments.”

The chairs of the House Homeland Security Committee and that panel's cybersecurity subcommittee applauded the announcement. 

“We are encouraged to see Secretary Mayorkas taking the cyber threats to state and local networks seriously and look forward to working with him on this important issue, particularly as we prepare to reintroduce the State and Local Cybersecurity Improvement Act,” reads a reaction statement from Chairman Bennie Thompson, D-Miss., and Rep. Yvette Clarke, D-N.Y., the subcommittee leader. 

State and local entities may be eligible for free or reduced-cost access to ECS via the FEMA Homeland Security Grant program, which currently makes just over $1 billion in funding available each year.