DHS Announces New Funding Round for the State and Local Cybersecurity Grant Program

Key Takeaways

On August 8, the Department of Homeland Security (DHS) announced a new funding round for the State and Local Cyber Grant Program (SLCGP). The SLCGP was established by the State and Local Cybersecurity Improvement Act, which is part of the Bipartisan Infrastructure Law (BIL). The SLCGP provides $1 billion in funding over four years to support state, local and tribal governments in developing and improving capabilities to detect, protect against, and respond to cyber threats. This year’s funding allotment represents a significant increase from the $185 million allotted in fiscal year 2022 (FY22), to a total of $375 million for fiscal year 2023 (FY23). Applications for the new funding round are due by October 6.

The SLCGP is eligible for states to apply, and recipients are required to provide local governments with pass-through funding throughout all stages of the program. The DHS is implementing through the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA). CISA provides expertise and guidance on cybersecurity issues, while FEMA manages the grant award and allocation process. Award recipients may use funding for a wide range of cybersecurity improvements and capabilities, including cybersecurity planning and exercising, hiring cyber personnel, and improving the services that citizens rely on daily. 

The first year of the program focused mainly on ensuring that states formed a cyber planning committee and develop an overall plan for implementation of their funding allocations through the SLCGP, both of which need to occur by Sept 30, when year one of the program ends. A total of 48 out of 50 states successfully applied for funding.  Program activities that have been reported by states so far include:

• Using funds for the planning component
• Using funds for statewide, state provided cyber services (or expansion of services) such as phishing test software, monitoring tools or security assessments
• Using funds to solicit proposals from local entities and approving a subset of those proposals, many of which are focused on small and rural counties

Coinciding with the new funding round announcement, the annual meeting of the Multi-State Information and Sharing Analysis (MS-ISAC) took place for its 20th annual gathering Salt Lake City Utah, with a specific presentation focusing on a recap of year one of the SLCGP. Overall perspectives shared included the fact that “if you’ve seen one state, you’ve seen one state.” As year one has progressed, planning committees are seeing that the needs are great, variations exist based on the size and cyber maturity of the local entity, and that requests being made far exceed the available funding. For those states that accepted applications, submissions included projects that would implement cyber assessments, multi-factor authentication, real-time monitoring tools or pro-active remediation.  in the MS-ISAC is a requirement for any local entity that submits a proposal and is awarded funding under this program.

States have until October 6 to apply for this FY23 grant opportunity. For more information and helpful resources on the State and Local Cybersecurity Grant Program, visit FEMA’s webpage: State and Local Cybersecurity Grant Program | FEMA.gov or CISA webpage:  CISA and FEMA Partner to Provide $374.9 Million in Grants to Bolster State and Local Cybersecurity | CISA.

NACo urges all counties to know the members of your statewide cyber planning committee and prepare now to put in a proposal for your county cyber needs. NACo will continue to monitor the SLCGP and provide membership with updates.