Agencies Can Turn to Federal Grants to Fund Cybersecurity Efforts
At a June hearing of the U.S. House Committee on Homeland Security, Atlanta Mayor Keisha Lance Bottoms made a push for increased federal cybersecurity grant funding for states and cities, StateScoop reports.
Bottoms recalled the March 2018 ransomware attack that disabled Atlanta IT systems ranging from court scheduling to utility bill payments.
“It’s important for federal funding to trickle down to our cities like Atlanta and smaller cities to allow us to be able to buy insurance and build stronger systems,” Bottoms testified. “When we experienced our cyberattack, it was clear we were not prepared. We had not made the necessary investments. We were putting patches on gaping holes.”
When assessing options for cybersecurity funding, state and local governments often discover they lack the funding to achieve their vision. Then, they may turn to federal grants to pay for cybersecurity upgrades. A few of these funding services tackle cybersecurity challenges directly while others may bolster cybersecurity by establishing or strengthening broadband or other citizen services.
Emergency Programs Provide Direct Federal Money for Cybersecurity
Perhaps the most prominent example of federal cybersecurity grants in recent months is hundreds of millions of dollars made available by the U.S. Election Assistance Commission.
In April, the EAC reported U.S. states and territories “spent 8 percent of the $380 million Congress approved by the time the elections rolled around,” the Washington Post reports.
The $31 million states spent by September 2018 was mostly targeted at low-hanging fruit, such as staff training on cybersecurity best practices, new digital protections for staff who access election systems and more regular updates to software, according to the report. States have through Sept. 30, 2023, to request funds, according to EAC guidance.
The Homeland Security Grant Program, administered by the Federal Emergency Management Agency, provides states and urban areas with funding to prepare for and respond to catastrophes, including cyberattacks.
Only 4 percent of funds distributed by the Homeland Security Grant Program goes toward augmenting cybersecurity, Frank J. Cilluffo, the director of Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security, told the House Homeland Security Committee in June.
Cilluffo recommended a requirement that states match funds to qualify for federal grants. Such a requirement would motivate states to increase cybersecurity spending in their IT budgets. State cybersecurity spending averages only one percent to two percent of total IT budgets annually, according to the National Association of State Chief Information Officers.
Nonemergency Programs Can Indirectly Boost Cybersecurity
Outside of federal spending directed toward combatting cybersecurity emergencies, other agencies offer state and local communities options for grant funding that could strengthen cyberdefenses.
The National Science Foundation awards about $1 billion in computer science research annually. Research tends to focus on specific areas such as transportation and personal mobility, water management, emergency management and public safety, energy and smart grids, among others.
While NSF primarily funds research at universities, its grant programs focus on doing so in partnership with communities, explained Meghan Houghton, NSF Senior Advisor for Strategic Engagements, at the Smart and Secure Cities and Communities Expo in Washington, D.C., on July 11.
Communities typically use NSF funds for projects in emerging technologies such as data analytics, privacy, artificial intelligence, human-computer interactions and others — all of which may have cybersecurity components. “Our program is focused on an iterative cycle to conduct research with a community to have significant community impact,” Houghton said.
Broadband grant funding is available from the federal government under the U.S. Department of Agriculture. USDA invests in rural telecommunications infrastructure, and it offers more than $700 million per year for modern broadband connectivity in rural communities, said Ryeon Corsi, USDA Management and Program Analyst for the Rural Utilities Service Telecommunications Program, at the Smart and Secure Cities and Communities Expo. USDA planned to increase its funding with at least $600 million for expanding rural broadband infrastructure in unserved rural areas and tribal lands.
Jeanne Milliken Bonds, senior manager of community development for the Federal Reserve Bank of Richmond, explained that local governments can seek loans from banks under the Community Reinvestment Act, a federal law passed in 1977.
While officials may think of CRA loans as sources of funding for affordable housing and small businesses, updated guidance in 2016 added broadband (as well as services associated with broadband) as an essential infrastructure eligible for CRA loans.
As Bond explains, CRA loans favor business plans with measurable milestones, mission statements and programming support. A community should be able to articulate how funds will be used.
With clearly specified objectives, a strong supporting plan and a detailed proposed budget, state and local governments can turn to the federal grants option that best fits their needs to seek additional funding for cybersecurity.
This article is part of StateTech's CITizen blog series. Please join the discussion on Twitter by using the #StateLocalIT hashtag.