The four-year grant program, included in last year’s infrastructure law, will help states and local communities “strengthen their cyber resilience.”
The Biden administration on Friday announced the launch of a $1 billion cybersecurity grant program to help state, local and territorial governments better defend against cyber threats and strengthen the security of their critical infrastructure.
The state and local cybersecurity grant program, which was included in the Infrastructure Investment and Jobs Act signed into law by President Joe Biden last November, will be administered by the Cybersecurity and Infrastructure Security Agency and the Federal Emergency Management Agency.
The Department of Homeland Security’s notice of funding opportunity for the program asks for states to submit their applications for funding by Nov. 15. Approximately $185 million of the grant’s total funding pool will be available for states in the first year of the program, which is set to last for a four-year period beginning in fiscal year 2022. Local governments are eligible to receive grant funding as sub-recipients of their states and territories.
During a briefing with reporters on Thursday, White House senior advisor and infrastructure coordinator Mitch Landrieu said that every state is eligible to receive a minimum of $2 million to “develop a statewide cybersecurity plan, conduct evaluations and begin their projects to strengthen their cyber resilience.” States that receive funding through the program are required to allocate at least 80% of the grant money to local and rural communities, and at least 3% to tribal governments.
“It’s designed to help cities, and states, and counties, and small communities organize themselves and get their heads wrapped around the need for cybersecurity, and seed money for them to organize it as well,” Landrieu said, adding that the program isn’t designed to cover the entire cost of every project, but rather to provide a starting investment for cyber resilience efforts.
DHS Secretary Alejandro Mayorkas, who also attended Thursday’s press briefing, cited recent cyber incidents targeting cities and local communities—including a ransomware attack on the Los Angeles Unified School District earlier this month—to underscore the fact that threat actors are “exploiting vulnerabilities and limited capacity to recover from devastating cyber attacks” across the country.
“Supporting our state and local government partners is critical to our national cybersecurity,” Mayorkas said. “The grants will significantly improve national resilience to cyber threats by giving state, local and territorial governments much needed resources to address network security and take steps to protect against cybersecurity risks to help them strengthen their communities.”
A DHS official at the press briefing said that states and local governments can use the grants to bolster the security of their election infrastructure, although he added that the timing of the program’s announcement means that funding will not be available in advance of the midterm elections.
In a joint statement following the program’s launch, Rep. Bennie Thompson, D-Miss., chair of the House Homeland Security Committee, and Rep. Yvette Clarke, D-N.Y., chair of the committee’s cybersecurity subcommittee, called the funding “a national security necessity.” Clarke previously introduced the State and Local Cybersecurity Improvement Act, which formally established the state and local cybersecurity grant program, after it was included in last year’s bipartisan infrastructure law.
“We applaud the department for their work in moving forward in implementing this vital new grant program, and we will continue to work to ensure state and local governments receive the cybersecurity assistance they need,” Thompson and Clarke said. “This funding is a vital down payment toward addressing our state and local cybersecurity challenges, and Congress must ensure that we continue to build on this support in the future.”