State & Local Cybersecurity Grant Program

 

Webinars

Washington state was pleased to host two no-cost webinars from the Center for Internet Security (CIS) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) about the National Cybersecurity Review (NCSR). The NCSR is a requirement for the SLCGP, and a great place to start your organization’s self-assessment path towards a stronger security posture. 

The first webinar, an hour overview of the NCSR, was held on Dec. 6, 2023. A recording of the session can be viewed here.

Thank you to everyone for attending the Nationwide Cybersecurity Review (NCSR) webinar on January 9. Please see the below links for relevant materials that were discussed during the workshop:

 

 

The State and Local Cybersecurity Grant Program Planning Committee has approved recommendations for 124 projects across the state and is now waiting for CISA/FEMA approval.

State agencies, higher education institutions, school districts, Tribal governments, cities, counties, and special purpose districts such as public utility districts are examples of local governments eligible for grant funding. Cybersecurity or privacy projects that align with the objectives of the grant program and state cybersecurity plan will be considered.

The state received roughly $14 million over four years. The state Legislature has provided the matching funds for the first two years (so local jurisdictions don’t need to meet the matching fund requirement). In the first round of funding, roughly $3 million was allocated to cybersecurity and privacy projects across the state. The second round of funding for 2024 will allocate roughly $6 million.

For more information about this year's funding see our FAQ (Updated May 2024).

 

Application resources:

About the program

The U.S. Department of Homeland Security is providing funding, through the Infrastructure Investment and Jobs Act, to address cybersecurity risks and threats to information systems owned or operated by state, local and territorial governments.

EMD and WaTech leaders, in coordination with a planning committee that has broad-based membership, drafted a statewide strategic cybersecurity plan which was approved by the Cybersecurity and Infrastructure Security Agency (CISA) in July 2023.

Following approval of the plan, the state solicited projects from local jurisdictions, Tribes, and state agencies.  After a rigorous review, more than $6.2 million in grant funding was allocated from the FY22 and FY23 awards. To allocate the remaining FY23 funding, a new project solicitation round will be announced in early 2024.  

While the program continues to be established, this is a great time to assess baseline security measures currently in place. CISA has resources that can help including:

  • Web Application Scanning is an "internet scanning-as-a-service." This service assesses the "health" of your publicly accessible web applications by checking for known vulnerabilities and weak configurations. Additionally, CISA can recommend ways to enhance security in accordance with industry and government best practices and standards.
  • Vulnerability Scanning evaluates external network presence by executing continuous scans of public, static IPs for accessible services and vulnerabilities. This service provides weekly vulnerability reports and ad-hoc alerts. (Email CISA at vulnerability@cisa.dhs.gov with the subject line "Requesting Cyber Hygiene Services" to get started.)

Additional resources

Questions?

State, local and Tribal governments interested in applying for grants are encouraged to send their contact information to preparedness.grants@mil.wa.gov.