Federal cybersecurity grants
On Sept. 16, 2022, the Department of Homeland Security (DHS) announced a first-of-its-kind cybersecurity grant program specifically for state, local, and territorial (SLT) governments across the country.
The Department of Homeland Security (DHS), through the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Emergency Management Agency (FEMA) released the notice of funding opportunity information on their website: https://www.cisa.gov/cybergrants.
VITA, in partnership with the State Administrative Agency (SAA) for the Commonwealth, the Virginia Department of Emergency Management, has applied and been approved for program years 1 and 2. Program years 3 and 4 are yet to come.
State and Local Cybersecurity Grant Program (SLCGP) Capability Assessment Applications
The SLCGP Capability Assessment project is now open and accepting applications between Feb. 16 - April 19.
When you apply, make sure to have:
- Brief description of your organization
- Estimated number of locations with technology assets
- Estimated IT budget or estimated number of technology assets
- Estimated number of end users
- Any additional contacts, other than the person completing the application:
- Finance – If someone in your organization needs information about the grant amount spent on your organization’s behalf
- Assessment – If someone other than the person completing the application should be contacted about conducting the assessment
- Local consent signatory – Organization contact for signing the consent agreement
If you have not yet signed up to join the State and Local Cybersecurity Grant Program list serv, please follow the below guidance.
- Visit https://www.vaemergency.gov/divisions/finance/grants
- Click on Sign Up for Grants Email Notifications
- Fill out registration form, and select the State & Local Cybersecurity Grant Program (SLCGP)
State and Local Cybersecurity Grant Program (SLCGP)
Our nation faces unprecedented cybersecurity risks, including increasingly sophisticated adversaries, widespread vulnerabilities in commonly used hardware and software, and broad dependencies on networked technologies for the day-to-day operation of critical infrastructure. Cyber risk management is further complicated by the ability of malicious actors to operate remotely, linkages between cyber and physical systems, and the difficulty of reducing vulnerabilities.
The State and Local Cybersecurity Grant Program (SLCGP) is administered by the Department of Homeland Security (DHS) and funded by the Infrastructure Investment and Jobs Act (IIJA). The SLCGP is a reimbursable pass-through grant program with an overall goal of improving the cybersecurity posture of state, local and territorial (SLT) government organizations. It provides assistance for managing and reducing systemic cyber risk through the following objectives:
- Objective 1: Develop and establish appropriate governance structures, including developing, implementing, or revising cybersecurity plans, to improve capabilities to respond to cybersecurity incidents and ensure continuity of operations.
- Objective 2: Understand their current cybersecurity posture and areas for improvement based on continuous testing, evaluation, and structured assessments.
- Objective 3: Implement security protections commensurate with risk.
- Objective 4: Ensure organization personnel are appropriately trained in cybersecurity, commensurate with responsibility.
Virginia's awards for program year 1 and year 2 represent the beginning of Virginia's journey to achieve these objectives.
Establishment of the Virginia Cybersecurity Planning Committee and the creation and CISA-approved state cybersecurity plan have created the governance and priorities to ensure Virginia's successful achievement of the program's objectives.
Funding
Virginia was awarded more than $12MM in grant funding through year 1 and year 2 SLCGP grant awards.
Driven by the increase in cyber threats, the grants do require states to cover a percentage of the costs with matching funds. In 2022, the Virginia General Assembly appropriated state matching funds, more than $4.9 million.
VITA and our partners, including the Virginia Department of Energy Management (VDEM) serving as the State Administrative Agency (SAA), are collaborating with the Virginia Cybersecurity Planning Committee (VCPC), which was created in response to grant program requirements. The VCPC developed a statewide cybersecurity plan, also as required by the grant program, and will prioritize projects and subgrant awards based on the goals and objectives of the plan.
Virginia Cybersecurity Planning Committee (VCPC)
The VCPC was created pursuant to the Infrastructure Investment and Jobs Act (IIJA), Pub. L. No. 117-58, § 70612 2021), and Item 93(F) of Virginia’s 2022 Appropriation Act. Governor Youngkin appointed the members of the VCPC, who represent state and local stakeholders and have experience in technology and cybersecurity.
Cybersecurity Plan
Virginia's statewide cybersecurity plan, created by the VCPC, represents a continued commitment to improving and supporting a whole of state approach to cybersecurity. The plan also meets the requirement of the current U.S. Department of Homeland Security guidelines for the SLCGP.
The Cybersecurity Plan includes actionable and measurable goals and objectives focused on: inventory and control of technology assets, software and data, threat monitoring, threat protection and prevention, data recovery and continuity, and understanding an organization’s cybersecurity maturity level. They are designed to support the Commonwealth in planning for effective security technologies and navigating the ever-changing cybersecurity landscape.
Cybersecurity Plan Vision for Improving Cybersecurity
- Create a cybersecurity ecosystem supporting a whole of state approach for state and local governments to safeguard critical infrastructure, protect Virginians’ data, and ensure the continuity of essential services.
Cybersecurity Plan Mission
- To further establish and enhance the cybersecurity capabilities of state, local, and tribal government entities in Virginia by providing a framework of technology and services to effectively identify, mitigate, protect, detect, and respond to cyber threats. Through leveraging of shared capabilities, strategic planning, and common technology the Commonwealth of Virginia strives to efficiently and effectively protect the confidentiality, integrity, and availability of critical systems, data, and services that benefit Virginians.
View the 2022 Virginia Cybersecurity Plan.
Current Projects
Program Year 1 Projects
The following projects have been approved by the VCPC and will be implemented using SLCGP funding:
- Management and administration – Funding to provide for the administration, oversight and compliance of the grant award
- Cyber threat indicator information sharing – Funding to establish a Virginia Information Sharing and Analysis Center (VA-ISAC)
- Cybersecurity plan and assessments – Funding to establish the Virginia Cybersecurity Plan and complete a cybersecurity plan capability assessment
- *Now accepting applications* Cybersecurity plan capability assessments application – Funding to conduct baseline assessments against the state-wide cybersecurity plan program objectives
FAQs: State and Local Cybersecurity Grant Program
To learn more about the State and Local Cybersecurity Grant Program (SLCGP), visit frequently asked questions (FAQs).
Contact
For questions about Virginia’s participation in the SLCGP and active projects, contact cybercommittee@vita.virginia.gov
To reach the VCPC, contact cybercommittee@vita.virginia.gov
Call for Advisors
If you have professional experience relating to cybersecurity or information technology and are interested in applying to become a committee advisor, please complete our online application.