A new cybersecurity grant is coming out soon. The Notice of Funding Opportunity (NOFO) has not hit the streets yet, but when it does later this spring (May?), here are some of the details to expect:
- Focus on state and local government
- $1 billion over five years
- $200 million a year
- 20 percent to states and 80 percent to local jurisdictions
- FEMA will administer grants — that means emergency management will be involved
- The Cybersecurity and Infrastructure Security Agency (CISA) will review grant proposals, but likely not at the regional level, only nationally (similar to current maritime grant proposal process)
- An interesting component is that applicants will have to have an Information Security Plan in order to get the funding. I’m not sure who will have those in place already. Similar to the Hazard Mitigation Assistance Grants, jurisdictions have to have mitigation plans in place.
- Perhaps the first round of grants will allow jurisdictions to submit projects to build these plans (this is my personal take)
- I would expect that government utilities will be able to apply
My question is, “What role will state and local emergency management play?” We could simply be grant administrators and act as the “pass through” agency to get the funding out to others. And, who will lead the information management planning process? Will that be outsourced to the information telecommunications staff of every agency/government? I do know that if that happens, the planning will not be holistic in its approach to what a plan could be. How might these plans integrate with private-sector efforts to secure critical infrastructure?
I ask these questions because in my 12 years of being more involved with cybersecurity efforts, I’ve not detected much enthusiasm from emergency managers to the topic of cybersecurity. If you personally have not been engaged on the topic, now is a good time to start. As I wrote as recently as last week, we could have a cyber war coming to the homeland in short order. We need to become more knowledgeable and active in the world of cybersecurity.
Lastly, there is a new phrase out there (new to me anyway): Misinformation, Disinformation and Manipulative (MDM) Information. Add that to your lexicon of acronyms.
Eric Holdeman is a nationally known emergency manager. He has worked in emergency management at the federal, state and local government levels. Today he serves as the Director, Center for Regional Disaster Resilience (CRDR), which is part of the Pacific Northwest Economic Region (PNWER). The focus for his work there is engaging the public and private sectors to work collaboratively on issues of common interest, regionally and cross jurisdictionally.