Biden admin launches $1B cyber grant program for state, local governments
The Biden administration on Friday launched a long-awaited federal cybersecurity grant program that will funnel up to $1 billion to state and local governments to upgrade their digital defenses.
The effort was created last November when President Joe Biden signed a $1.2 trillion infrastructure spending deal into law. It is administered by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA) and will award an initial tranche of $185 million directly to states before the end of the fiscal year.
“The goal of this program is to address the enormous challenge that state, local and tribal and territorial governments currently face when defending against cyber threats,” White House senior adviser and infrastructure implementation coordinator Mitch Landrieu said on a Thursday press call.
He added that the money is “truly going to reach those most in need” as the law requires that states — each of which is eligible to receive at least $2 million for new or existing programs like developing a statewide cybersecurity plan or projects that enhance resilience — allocate at least 80 percent of their grant funding to local and rural communities and at least three percent to tribal governments.
Homeland Security Secretary Alejandro Mayorkas noted many local governments lack adequate resources to fend off “constantly changing cyber threats” that increasingly lead them to be exploited, noting the recent ransomware attack on a massive Los Angeles school district.
Protecting critical infrastructure
The White House has placed an emphasis on making upgrades to critical infrastructure to protect them against hackers. Last year, the president signed a national security memorandum tasking federal agencies to set cybersecurity performance goals for critical infrastructure.
The administration has since gone on to meet with the leaders of key trade groups as it crafts — and urges Congress for — cybersecurity regulations for operators in sectors like aviation, as well as warned states to shore up their defenses against possible digital attacks from Russia.
States will also be eligible to use the funds to improve their election infrastructure, though the timing of today’s notice means such resources won’t be available before November’s midterms, a senior Homeland Security Department official told reporters.
The official said DHS had consulted with communities at all levels over the last several months to shape the grant program and assess existing vulnerabilities.
“Frankly, we're hearing a lot of diverse views in terms of where they see their needs,” according to the official, who added that the initiative is “designed to implement mitigation measures that are based on best practices that are recognized not only across the federal government, but, frankly, across industry as well.”
The administration believes that “regardless of whether those practices are being applied to a water system in one jurisdiction, or to the electrical grid in another jurisdiction, they're ultimately going to be the kinds of practices that combined improve the resiliency and posture of our nation as a whole,” the official explained.
States have until November 15 to apply for the funds, with the intent that submissions will detail multi-year plans so that they don’t have to come back again in the future.
The grant program itself is slated to shutter after four years. However, the law that created the effort asked for recommendations to be submitted to Congress about ways to improve it, which could grant it a longer shelf life.
“We're working to ensure that cyber resilience is a key part of planning for all infrastructure projects, not just some of them,” according to Landrieu.
As the U.S. develops this “all-hazards” approach to infrastructure investments it will better “protect us against the cyberattacks that we know are potentially coming our way,” he told reporters.
In a statement, Senate Homeland Security Committee Chair Gary Peters (D-Mich.) said state and local governments across the U.S. "often lack the necessary resources to defend against cyberattacks, which can cost taxpayers millions of dollars and compromise sensitive personal data."
“Today’s announcement means that local communities will be able to obtain increased federal resources that will help them identify cybersecurity threats and mitigate the effects of online attacks," added Peters.
Sen. Maggie Hassan (D-N.H.), who along with Peters and Sen. Rob Portman (Ohio), the panel's top Republican, crafted the legislation to establish the grant program that was later incorporated into the massive infrastructure bill, said she looks forward to "how communities put this funding to work.”
Martin Matishak is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.