Security

What Do Local Governments Need from Federal Cybersecurity Grants?

Agencies must maximize the effectiveness of $1 billion in funding.

Curtiss Strietelmeier is a Public Sector Funding Strategist with CDWG, he works with state and local governments to provide clarity around federal funding opportunities. Dr. Strietelmeier writes for ConnectIT and StateTech Magazine, consults with organizations on technology initiatives and projects, and presents at conferences around the country.

Eighty percent of the cybersecurity grants soon to be awarded through the Infrastructure Investment and Jobs Act (IIJA) will go to local governments.

And local governments may take many forms, as defined by the federal notice published for the grants:

“Local governments are defined in the law as a county, municipality, city, town, township, local public authority, school district, special district, intrastate district, council of governments (regardless of whether the council of governments is incorporated as a nonprofit corporation under State law), regional or interstate government entity, or agency or instrumentality of a local government; an Indian tribe or authorized tribal organization, or in Alaska a Native village or Alaska Regional Native Corporation; and a rural community, unincorporated town or village, or other public entity.”

As such, local governments’ cybersecurity strategies may differ based on their configurations. Different entities may face varied cybersecurity challenges, of course. But ultimately, local government entities may receive maximum value from these federal grants if they work together.

No matter their configuration, local governments could share data and devise common cybersecurity measures with the funding to create better defense systems. At their most effective, IIJA cybersecurity grants could have a tremendous impact if spent on solutions that produce shared defenses.

Click the banner below to gain customized content by becoming an Insider.

Agencies Can Pool Resources for Shared Solutions

Many local governments cannot afford to fully meet their cybersecurity needs going it alone. Without big budgets, local governments must make wise investments to maximize every dollar spent. A local agency can make smart investments by looking beyond its own silos.

To help facilitate this shared posture, state IT agencies could become service providers for local agencies throughout the state. If a municipality such as Galveston, Texas, would benefit from capabilities offered by ServiceNow but can’t afford it, the city could reach out to the state of Texas and arrange for the state to be its ServiceNow provider.

How would such a sharing of services work? Would it be the responsibility of the state to get all components of state and local government on the same page?

IIJA cybersecurity grants stipulate that states develop statewide cybersecurity plans that cover practical ways to implement spending. Once that is in place, all agencies below the state level can follow suit.

When it comes to agencies using grant funds to properly enhance their security posture, they could best explore shared solutions around multifactor authentication, identity and access management, privileged access management, data encryption, zero-trust architecture, and cloud readiness.

EXPLORE: How agencies can work with managed service providers to increase network visibility.

What if a Government Wants to Go It Alone?

The reality is that some local governments may not be inclined or prepared to work with shared services. Governments may change their priorities and focus on different cybersecurity solutions. Among agencies that go their own way, officials may primarily seek solutions that focus on creating a resilient data environment to stave off ransomware attacks.

Training could be another avenue for governments that aren’t sharing defenses. There is a great deal of value in government workers who can spot phishing attacks, even without protection from other sectors.

People often are the weakest link in any public sector — or private sector —cybersecurity plan. Investing in people through reskilling or upskilling can often yield great benefits.

This article is part of StateTech’s CITizen blog series. Please join the discussion on Twitter by using the #StateLocalIT hashtag.