State & Local Cybersecurity Grant Program

 

Webinars

Washington state was pleased to host two no-cost webinars from the Center for Internet Security (CIS) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) about the National Cybersecurity Review (NCSR). The NCSR is a requirement for the SLCGP, and a great place to start your organization’s self-assessment path towards a stronger security posture. 

The first webinar, an hour overview of the NCSR, was held on Dec. 6, 2023. A recording of the session can be viewed here.

Thank you to everyone for attending the Nationwide Cybersecurity Review (NCSR) webinar on January 9. Please see the below links for relevant materials that were discussed during the workshop:

 

 

The State and Local Cybersecurity Grant Program (SLCGP) is a federal program that helps state, local, and tribal governments improve cybersecurity and protect their systems from threats. It is expected to provide $18.4 million in funding for Washington from 2022-2025, with 80% going to local governments, including 25% specifically for rural areas. The remaining 20% may support state projects.

The program funds projects such as: firewalls, system testing, cybersecurity monitoring, identity management (multi-factor authentication), training, and policy development. Administered by the Federal Emergency Management Agency (FEMA) and the Cybersecurity and Infrastructure Security Agency (CISA), Washington Technology Solutions (WaTech) handles technical aspects, and the Washington Military Department/Emergency Management Division (WMD/EMD) manages funding.

Fiscal year 2024 applications should open in late spring of this year, with funds available by the end of 2025. The State and Local Cybersecurity Grant Program Planning Committee has approved recommendations for almost 250 projects across the state in the first two rounds of funding.

Application resources:

About the program

The U.S. Department of Homeland Security has providing funding, through the Infrastructure Investment and Jobs Act, to address cybersecurity risks and threats to information systems owned or operated by state, local and territorial governments.

EMD and WaTech leaders, in coordination with a planning committee that has broad-based membership, drafted a statewide strategic cybersecurity plan which was approved by the Cybersecurity and Infrastructure Security Agency (CISA) in July 2023.

Following approval of the plan, the state solicited projects from local jurisdictions, Tribes, and state agencies.  After a rigorous review, more than $6.2 million in grant funding was allocated from the FY22 and FY23 awards. To allocate the remaining FY23 funding, a new project solicitation round will be announced in early 2024.  

While the program continues to be established, this is a great time to assess baseline security measures currently in place. CISA has resources that can help including:

  • Web Application Scanning is an "internet scanning-as-a-service." This service assesses the "health" of your publicly accessible web applications by checking for known vulnerabilities and weak configurations. Additionally, CISA can recommend ways to enhance security in accordance with industry and government best practices and standards.
  • Vulnerability Scanning evaluates external network presence by executing continuous scans of public, static IPs for accessible services and vulnerabilities. This service provides weekly vulnerability reports and ad-hoc alerts. (Email CISA at vulnerability@cisa.dhs.gov with the subject line "Requesting Cyber Hygiene Services" to get started.)

Additional resources

Questions?

State, local and Tribal governments interested in applying for grants are encouraged to send their contact information to preparedness.grants@mil.wa.gov.