DHS grants $375 million to state and local government cyber-resilience efforts

The Department of Homeland Security (DHS) on Monday announced it will pump nearly $375 million into state and local government coffers in a bid to increase cyber resilience in a sector that has been pummeled by ransomware attacks in recent months.

The State and Local Cybersecurity Grant Program (SLCGP), now in its second year, is a $1 billion fund with allocations spanning four years and specifically targeting state, local, and territorial government cyber resilience efforts. Potential grantees have until Oct. 6 to submit applications for the new wave of funds, a DHS press release said.

Demonstrating the urgency of the issue, all but two states and territories applied for a cut of the first year’s $185 million tranche. The program, which is administered by the Cybersecurity and Infrastructure Agency (CISA) and the Federal Emergency Management Agency (FEMA), is meant to help state and local governments defend against ransomware and other cyber attacks that have become routine.

“In today’s threat environment, any locality is vulnerable to a devastating cyber attack targeted at a hospital, school, water, or other system,” DHS Secretary Alejandro N. Mayorkas said in a prepared statement.

He called the grants a way for local communities to prepare for the threat “regardless of size, funding, or resources.”

CISA will offer expertise to guide the overall process and FEMA will administer grant awards and oversee the allocation process, according to the DHS release. The funds can be used for a range of cyber resilience investments, the release said, including what it called “planning and exercising” as well as recruiting and paying for personnel with cyber expertise.

In recent months state and local governments have been virtually under siege as ransomware attacks in particular have crippled services in communities of all sizes.

Last month a coastal Mississippi community was hit by what a local official compared to a “digital hurricane.” About 25,000 people live in George County, where systems were compromised by ransomware actors who used a phishing email mimicking a routine system update to break in.

Spartanburg, South Carolina was hit in April, in a ransomware attack that constrained IT and phone systems.

In May, Dallas shut down its municipal court system and the fire and police departments reported that one of the dispatch systems used by their 911 and 311 call centers had been disabled by the attack.