The U.S. Department of Homeland Security is providing funding, through the Infrastructure Investment and Jobs Act, to address cybersecurity risks and threats to information systems owned or operated by state, local and territorial governments.
The Washington State Military Department Emergency Management Division (EMD) and Washington Technology Solutions (WaTech) have partnered to oversee the grant. EMD will administer and manage the grant and any allocated passthrough awards. WaTech will be responsible for plan development and approval of projects.
EMD and WaTech leaders established a timeline for writing a comprehensive statewide strategic cybersecurity plan that meets all the new federal requirements, in coordination with a planning committee that has broad-based membership. The planning committee has set a target date of June 30, 2023 to have the plan written and begin accepting applications from eligible jurisdictions.
The state anticipates more than $3 million in grant funding during the coming year from the federal government. The state Cybersecurity Plan under development has a list of 16 requirements to meet including implementing multi-factor authentication, requiring encryption for data at rest and in transit, and eliminating unsupported software and hardware accessible from the Internet. See page 68 of the Notice of Funding Opportunity (FY22 SLCGP NOFO_9_13_2022.pdf) for the full list of requirements.
While the program is gearing up, this is a great time to assess baseline security measures currently in place. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has resources that can help including:
- Web Application Scanning is an “internet scanning-as-a-service.” This service assesses the “health” of your publicly accessible web applications by checking for known vulnerabilities and weak configurations. Additionally, CISA can recommend ways to enhance security in accordance with industry and government best practices and standards.
- Vulnerability Scanning evaluates external network presence by executing continuous scans of public, static IPs for accessible services and vulnerabilities. This service provides weekly vulnerability reports and ad-hoc alerts. (Email CISA at firstname.lastname@example.org with the subject line “Requesting Cyber Hygiene Services” to get started.)
State and Local Cybersecurity Grant Program Frequently Asked Questions
State, local and tribal governments are encouraged to send their contact information to email@example.com if they are interested in applying for grants.
- SLCGP Notice of Intent (NOI)
- MS-ISAC: No Cost and Fee‑based Services
- CISA: External Dependencies Management Assessment
- CISA: Cyber Hygiene Vulnerability Scanning
- CISA: Cyber Hygiene Web Application Scanning
- CISA: Cyber Resilience Review
- CISA: Cyber Resilience Workshop
- CISA: Cyber Infrastructure Survey