Basically the grants are there to “prime the pump” and get governments to invest in cybersecurity — since many are not doing so. The match is explained briefly below.
FEMA is involved since they have the mechanism to distribute the funds and manage the grants on behalf of the Cybersecurity and Infrastructure Security Agency (CISA).
From Axios:
The Biden administration will start accepting applications today from state governments for a sliver of a new $1 billion cybersecurity grant program.
The big picture: The four-year grant program aims to provide state and local governments with both starter funds and the momentum to craft ongoing cybersecurity strategies. It was
- For the first year, only $185 million of the $1 billion pool will be available, with applications due on Nov. 15.
Details:
A senior Department of Homeland Security official told reporters before today's announcement that the first year of funding will be awarded to states looking to establish a cybersecurity strategic plan, and outlined what conditions officials need to meet to get these dollars and what kinds of projects can receive funding.
- The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Emergency Management Agency (FEMA) will run the program and plan to allot funding by the end
of the year, according to the senior official. - Each state is eligible to receive a minimum of $2 million, Mitch Landrieu, the White House infrastructure coordinator, told reporters.
- States are required to dedicate 80% of their grant funding to local and rural areas, and at least 3% to tribal governments.
- Recipient states will receive only a portion of their award at first to do the necessary research to create their plans. The rest of their award will be released once their plan is approved by CISA and FEMA.
Between the lines: State and local governments often lack the financial resources to properly secure public goods like water infrastructure and schools as lawmakers prioritize other issues over cybersecurity.
- One estimate suggests only 35% of states have a line item for cybersecurity in their budgets.
- The program requires governments to match between 10% and 40% of the awards over the course of the four-year grant program. The idea is to get state and local governments in the habit of funding cybersecurity after the grant runs out.
What they’re saying: “It’s designed to help cities and states and counties and small communities organize themselves and get their heads wrapped around the need for cybersecurity,” Landrieu said. “It was never designed to be 100% of every project in America, it was designed to be a kick start.”
What’s next:
CISA and FEMA will accept applications for another round of funding dedicated to tribal governments later in the fall, according to a press release.
A DHS official told reporters they will provide Congress with recommendations in the future on whether the program should extend beyond the established four years.
