
Don’t read this if you love having a strapped budget, pulling all-nighters, and totally flying blind in the threat landscape.

In July 2021, Congress passed the State and Local Cybersecurity Improvement Act*, which finally introduced a federal-level perspective on the status quo of cybersecurity in state and municipal governments.

Don’t worry, we’re not going to make you read the entire thing.

The act outlines major challenges facing these resource-strapped teams and their impact on other critical infrastructures within the nation, and it sets out specific definitions of key terms (such as cybersecurity plan and cybersecurity committee). It also introduces an avenue for essential funding via the State and Local Cybersecurity Grant Program (SLCGP) run by the State and Local Cybersecurity Resilience Committee.

Here’s the TL;DR: It’s a really good thing.

With concrete guidelines and financial resources stipulated, the Improvement Act makes it clearer than ever how state and local security pros can effectively set up (and support) the cybersecurity strategies they need to stay secure.

Perhaps even more critically, the act gives resource-strapped teams greater confidence in building out cybersecurity strategies by providing them with clear, concrete definitions of the essential parts of a cybersecurity program.

Finally—a law that actually helps you instead of making your job harder!

There’s a lot more for resource-strapped security departments to jump for joy about. Smaller IT teams can specifically benefit from the act through three of its critical components:

1. Clearer definitions and requirements for cybersecurity plans 

One of the greatest gifts of the State and Local Cybersecurity Improvement Act is the initial section clearly defining what constitutes a cybersecurity plan—including its critical components as well as what governing agencies are qualified to approve them.

According to the act, state and local governments must submit drafts of their plans to the Secretary of the grant program. These teams must also establish a formal cybersecurity committee and identify its members in the grant program application. 

Keep in mind: Submission is required for any entities that request eligibility and aim to apply for the grant program.

According to the act, all cybersecurity plans in consideration must fulfill the following requirements:

  • Incorporate existing plans for protecting against cybersecurity risks and threats
  • Describe how the entity will manage, monitor, and track information systems, applications, and accounts for cybersecurity purposes
  • Detail how the entity will monitor, audit, and track activity between systems
  • Outline the resources needed and timeline proposed for the plan
  • Describe how the eligible entity will measure progress throughout the plan

We know you probably spilled coffee all over your keyboard reading all of that. If you (and your computer) are still here with us, take a few deep breaths. Building out a cybersecurity plan isn’t as tough as it seems when you have the right expert personnel working with you—which is another initiative concretely defined in the act. 

2. Transparent requirements for cybersecurity committees

The act also touches on the establishment of cybersecurity committees, which are required for entities hoping to apply for the grant program.

These cybersecurity committees are responsible for continuously auditing and improving the aforementioned cybersecurity plans, in addition to ensuring the fulfillment of security policies and goals across the entity. The committee is additionally responsible for determining the appropriate funding priorities for any grants given through the State and Local Cybersecurity Grant Program.

Here are the committee requirements stipulated by the act:

  • Comprising the eligible entity and counties, cities, towns, Tribes, and public educational and health institutions within the jurisdiction of the eligible entity
  • Including representatives of rural, suburban, and high-population jurisdictions
  • Ensuring no less than 1⁄2 of the representatives of a committee established have professional experience relating to cybersecurity or information technology

The act helps state and local governments think carefully and strategically when establishing their cybersecurity committees, ensuring they comprise members representing both existing cybersecurity expertise and the best interests of a variety of constituents. 

It also helps state and local teams innovate cybersecurity strategies specifically addressing their localized issues (which always makes for a better, more effective program), as opposed to creating generalized cybersecurity strategies that might neglect major challenges or concerns.

3. More accessible funding via a dedicated federal grant program

The establishment of the State and Local Government Cybersecurity Grant Program is perhaps the most critical benefit provided in the State and Local Cybersecurity Improvement Act for resource-strapped IT teams. The act states the grant program, organized by CISA and FEMA, will make a total of $1 billion available to eligible entities over a four-year period, with the entities providing over $347.9 million in funding last year alone.

Previously, funding options were severely limited. There were 27 grant programs managed by eight separate federal agencies that resource-strapped teams could utilize; however, none of them were specific to cybersecurity or built to support cybersecurity needs.

The State and Local Government Improvement Act introduces a new level of rigor to entities hoping to qualify for federal grants that can support cybersecurity initiatives. It also introduces a new level of dedication to cybersecurity initiatives from the federal government proper. 

Best of all—it means that IT leaders don’t have to waste time writing tedious application essays about how a completely random grant mission applies to their cybersecurity needs.

The act grants state and local government cybersecurity teams access to the federal funding necessary to accelerate cybersecurity initiatives and meet their cybersecurity goals, keeping them more secure in an evolving threat landscape. 

Greater opportunities mean greater responsibility

The State and Local Cybersecurity Improvement Act opens up a major avenue of cybersecurity funding through the SLCGP, which holds the potential to be a major game-changer for resource-strapped IT teams. While the act presents greater opportunities, it also charges state and local government IT teams with more responsibility. 

As such, state and local governments must pay careful attention to the eligibility requirements for the grant program—including the establishment and approval of a formalized cybersecurity plan and cybersecurity committee. That way, they can create a clear game plan that helps them secure the funding they need to meet their cybersecurity goals.

It’s time to take the leap and build out a better-funded cybersecurity program. Discover our detailed guide on government cybersecurity for insights on selecting the right cloud SIEM to align with NIST guidelines. Learn how your teams can ace the State and Local Cybersecurity Grant Program application and get in on the federal initiative to invest in cybersecurity. It’s bipartisan—so don’t worry about getting plagued by nightmares of the next filibuster.

*https://www.congress.gov/bill/117th-congress/house-bill/3138/text
