Securing the State
Challenges
The cybersecurity challenges state and local entities face are extremely complex. Some of the biggest challenges are:
- Data protection: Our public entities serve and protect our residents of the state. In addition to providing critical services, these entities collect and store resident’s data. This data and the infrastructure itself are prime targets for exploitation.
- Personnel Gaps: There is a nationwide shortage in our cybersecurity workforce. Because of this shortage, it is difficult to recruit and hire a skilled workforce as public entities are in direct competition with our private sector marketplace.
- Budgetary Constraints: Local governmental entities are a distinct disadvantage when trying to fund cybersecurity initiatives. Cybersecurity is expensive to implement and maintain and often is not deemed to essential to management and is deemed non-essential when compared to other budget essentials for the organization.
- Information Overload: Public entities often receive a lot of information about best practices for cybersecurity which often results in information overload. This impedes decision making. This is often rooted in not having the right personnel to help guide those cybersecurity steps.
Where to Start?
Cybersecurity is not a one size fits all or even an ordered list of steps to take to reach a “destination”. Cybersecurity is continued best business practices. These best practices are readily available to start implementing where an organization needs to mitigate risk. Every organization needs to understand that they own the risk to the systems and services they provide to the public as well as the data they collect and store. A study on local government cybersecurity efforts by University of Baltimore suggest four broad recommendations for American local governments to improve their practice of cybersecurity? Click here for more info on the below.
- create and maintain a culture of cybersecurity,
- address barriers to cybersecurity,
- follow best cybersecurity practices, and
- eliminate the “do not knows.”
State and Local Cybersecurity Grant Program (SLCGP)
In the Bipartisan Infrastructure Law, also known as the Infrastructure Investment and Jobs Act (IIJA), Congress established the State and Local Cybersecurity Grant Program (SLCGP) to “award grants to eligible entities* to address cybersecurity risks and cybersecurity threats to information systems owned or operated by, or on behalf of, state, local, or tribal governments.” Within the U.S. Department of Homeland Security (DHS), the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA) are implementing this authority through two grant programs:
*Eligible entity = State Administrative Agency. In Illinois the SAA is the Illinois Emergency Management Agency and Office of Homeland Security.
The SLCGP allows state and territory State Administrative Agencies (SAAs) to apply for grant funding. Under SLCGP, states and territories are the only eligible entities. Local and tribal governments are eligible subrecipients under this program.
The Tribal Cybersecurity Grant Program (TCGP), which allows Tribal governments to apply for grant funding. Under TCGP, Tribal governments of federally recognized Tribes are the only eligible entities and do not apply for funding through SAAs.