In the January 20, 2022 issue of “Be Cyber Safe”, we talked about the Infrastructure Bill signed into law by President Biden in 2021, which created the $1 billion State and Local Cyber Security Grant Program. The federal government is providing this grant funding to help local communities improve their cyber security. These funds will be made available in FY 2022 through FY 2025.
The federal government has been painfully aware of the threats of cyber attacks for several years. The State and Local Cyber Security Improvement Act part of the Infrastructure Bill has been discussed and going through many iterations in Congress since the 116th Congress (2019-2020). As early as 2020, the bill included language stating that in order for a state (or Commonwealth, if you will) to receive these funds, they must have an approved comprehensive cyber security plan to address cyber threats at the state and local levels as well as establishing a cyber security planning committee to develop the plan and the funding priorities.
In preparation for the eventual law, some states proactively developed task forces, comprehensive cyber security plans, and internal processes to implement the grant program when available. States such as Kansas and Texas are ready to hit the ground running.
The Kentucky Office of Homeland Security earlier this year stood up such a committee with representatives from state and local government as well as representatives from critical infrastructure. Additionally, the committee has begun developing the required cyber security plan which will be sent to CISA for approval.
Currently, the state projects that KY will receive $2M (FY2022), $4M (FY2023), $3M (FY2024) and $1M (FY2025).
The federal government and now the states are encouraging all government and critical infrastructure organizations to evaluate their risks, prioritize their vulnerabilities and implement security measures to protect their data and their communities. While the federal grant money will be available for government and critical infrastructure, all organizations including small businesses, non-profits, large corporations, etc. should constantly be evaluating their security protocols and improving as threats and vulnerabilities change. In order to keep up to date with the developments of the committee and the grant application process, follow the Kentucky Office of Homeland Security Cybersecurity Grants LinkedIn group at https://www.linkedin.com/groups/12627210/. We will continue to monitor the process and provide updates