Trends

Government Grants Available to Fund New Cybersecurity Programs

Table of Contents

Just a couple of weeks ago, the Biden-Harris Administration announced $1 Billion (with $185 million available for FY2022) allocated to funding a first-ever state and local cybersecurity grant program. That grant program is part of the largest multi-billion dollar Zero Trust initiative that is currently underway across the US Department of Defense. This announcement comes after a few months where the government urged organizations of all sizes to strengthen their defenses against cyberattacks, and directed organizations with government funding to move to a Zero Trust strategy over the next few years. 

The mandates and directives around Zero Trust and government cybersecurity strategy are urging businesses to recognize the escalating threats that are plaguing organizations of all sizes with increased frequency. The strongly worded letter implores that “to understand your risk, business executives should immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue or quickly restore operations.”

For the very first time, an administration is allocating specific funds to cybersecurity initiatives because of the risk that is imposed on local and state governments, and our national security at large. The goal of this new program is to help organizations be better equipped to address cybersecurity risks, strengthen the cybersecurity of their critical infrastructure, and ensure resilience against persistent cyber threats for the services state, local, and territorial governments provide their communities.

Here Is My Take on This:

  • I don’t see cybersecurity as a “technology problem” when we really get into the meat of what is going awry.  It is a leadership and execution problem combined with a lack of strategic focus, at least in my experience.
  • State, local, and small business organizations are at a great disadvantage when it comes to the purchasing power of tools and their ability to operate cybersecurity technologies so this help is critical to be able to get them off the ground. Not every business needs to be a business that “does” cybersecurity, most of the time this should be outsourced. This is why MSPs and MSSPs are so valuable in this space.
  • The supply chain is infected, period. We collectively buy electronics, software, hardware, and systems from nations and organizations that are both openly and clandestinely hostile to our national interests. But we can’t “get off” of those supply lines, at least not yet.  So we must accept that and treat every asset as compromised and observe what is taking place in our systems so we can identify when threats and vulnerabilities are present.
  • Other countries will (or should) follow suit on these national efforts.  This is a space where a rising tide does not necessarily lift all ships.  Those organizations and nations that fall behind will be the easy targets, which is not what you want to be in cybersecurity.

What You Should Do (Now) to Qualify for a Government Grant

There are two key requirements in order to receive the grant: 

STEP 1: Form a Cybersecurity Committee

The Cybersecurity Planning Committee will identify and prioritize state-wide efforts to identify opportunities to consolidate projects and increase efficiencies. Each eligible entity is required to submit confirmation that the committee is composed of the required representatives. The eligible entity must also confirm that at least one-half of the representatives of the committee have professional experience relating to cybersecurity or information technology.

Who can be on your planning committee: 

  • The eligible entity
  • If the eligible entity is a state, then representatives from counties, cities, and towns that fall within the jurisdiction of the eligible entity
  • Public education institutions within the jurisdiction of the eligible entity
  • Public health
  • Rural, suburban, and high-population jurisdictions

STEP 2: Form a Cybersecurity Plan

The Cybersecurity Plan is a statewide planning document that must be approved by the Cybersecurity Planning Committee and the CIO/CISO equivalent. The Plan will be subsequently updated in FY24 and 25. It must contain the following components:

  • Incorporate, to the extent practicable, any existing plans to protect against cybersecurity risks and cybersecurity threats to information systems owned or operated by, or on behalf of, SLTs.
  • How input and feedback from local governments and associations of local governments was incorporated.
  • Include all of the specific required elements (see Required Elements section of Appendix C of the Notice of Funding Opportunity)
  • Describe, as appropriate and to the extent practicable, the individual responsibilities of the state and local governments within the state in implementing the Cybersecurity Plan.
  • Assess each of the required elements from an entity-wide perspective.
  • Outline, to the extent practicable, the necessary resources and a timeline for implementing the plan.
  • Summary of associated projects.
  • Metrics that the eligible entity will use to measure progress.

Need Help?

If you’d like additional guidance on how to apply for this benefit, be sure to contact us at info@lumu.io.

Recent Posts

  • Blog

Lumu & the MSP Community: 2024 in Review

Reading Time: 4 minsLumu has worked hand-in-hand with MSPs throughout a year that consolidated the…

3 days ago
  • Blog

Reflecting on 2024: Lumu’s Innovations in SecOps

Reading Time: 5 minsLumu’s 2024 SecOps advancements focus on automation and smarter threat detection, with…

5 days ago
  • Attacks

Lumu’s Detection & Response to a Real-World DNS Tunneling Attack

Reading Time: 7 minsThis is the story of a serious DNS tunneling attack on a…

1 week ago
  • Events

Cybersecurity Insights for MSPs: Lessons from IT Nation Connect 2024

Reading Time: 4 minsDiscover the top insights from Lumu’s pre-conference workshop at IT Nation Connect,…

4 weeks ago
  • Stories

Cybersecurity Trends 2025 and Beyond: Navigating AI-Driven Evasion Techniques and Autonomous Threats for Resilient Defense

Reading Time: 2 minsAs we move into 2025, AI-driven evasion and autonomous threats will redefine…

4 weeks ago
  • Trends

CISA Reveals How 12 Ransomware Gangs are Bypassing EDRs

Reading Time: 7 minsEndpoint Detection and Response (EDR) has a critical role in most companies’…

2 months ago