One way federal funding flows to states is through the State and Local Cybersecurity Grant Program (SLCGP), which requires states to allocate a minimum of 80 percent to local governments and has prompted varied strategies to ensure equitable fund distribution.
The program currently has funding through 2025, with $400 million released in the 2023 fiscal year, $300 million coming in FY 2024 and $100 million in FY 2025, but states are advocating for an extension, Alex Whitaker, director of government affairs at the National Association of State Chief Information Officers (NASCIO), told Government Technology.
“Though many states are approving spending in their budgets for cybersecurity preparedness, federal funding remains vital for addressing major gaps and vulnerabilities,” he said via email. “Equally important is the knowledge that this funding will continue in the future, as states are reluctant to create and evolve initiatives that may have to end if federal funds are discontinued.”
With the rising influence of generative AI, Whitaker said NASCIO foresees future funding needs for addressing vulnerabilities in K-12 institutions. And as the digital landscape evolves, sustained federal support remains critical for the progress and resilience of state and local governments in securing their digital platforms.
During its first year in the four-year SLCGP, New Hampshire secured $2.5 million in cybersecurity grant funding. However, instead of disseminating the funds to local government agencies directly, state leaders analyzed the specific needs of cities and towns, incorporated feedback gathered, and put the money directly toward resources to fill those gaps.
The 2022-2025 New Hampshire SLCGP Cybersecurity Plan outlines several projects using SLCGP funds, including the creation of hardware tokens and professional services that municipalities, special districts and K-12 schools can use to implement multifactor authentication in their technology environments. Funding will also go to enhanced security training to increase skills and certification levels of IT employees across New Hampshire, special districts and K-12 schools; and to stimulate moving to .gov domains.
“For one project, New Hampshire utilized the federal funds to help promote a campaign to encourage more local governments to transition to the .gov domain via a program called ‘.Gov in a Box,’” Whitaker said of New Hampshire’s “whole-of-state” efforts to fortify defenses through collaboration between local and state agencies. “The program has been extremely successful, increasing the number of communities that have transitioned to .gov.”
Some states choose a straightforward “100 percent pass-through of funds directly to local governments” approach, Whitaker said, but the majority prefer a shared or hybrid method, investing in what cities genuinely require, akin to New Hampshire’s approach.
Texas created a structured application process for local agencies to access SLCGP funding that includes Cybersecurity and Infrastructure Security Agency approval after the initial application submission, followed by an evaluation completed by a state SLCGP Planning Committee.
Despite variations in the state-to-local fund-sharing methods, Whitaker said the overall outcome is positive and accomplishes an important goal.
“The SLCGP encourages states to provide services to communities to maximize resources, and the grant has contributed positively to increased collaboration and communication among all stakeholders,” he said. “Working through the required cybersecurity plans together has brought state and local government officials together for conversations on cybersecurity, and many have credited this with improving trust and coordination.”