Leveraging Government Grants to Enhance Critical Security Systems
Are you looking to enhance your government organization’s critical security systems? The Biden-Harris Administration’s Bipartisan Infrastructure Law, also known as the Infrastructure Investment and Jobs Act (IIJA), allows organizations to receive government grant money for improved cybersecurity.
The Bipartisan Infrastructure Law, passed in 2021, made possible the State and Local Cybersecurity Grant Program (SLCGP) and the Tribal Cybersecurity Grant Program (TCGP). In 2022, it was announced that the law would provide $1 billion in funding for state, local, tribal and territorial (SLTT) governments nationwide over four years, starting with $200 million for fiscal year 2022. In the fiscal year 2024, $300 million in funding is appropriated to address the security needs of systems owned or operated by SLTT governments.
What are Government Grants for Security?
Government grants aim to provide financial assistance to fund projects that serve the public. Grantees are not required to repay grant money but must use it for the stated purpose of their project. Security system-based grants are directed toward mitigating cybersecurity attacks. In 2024, the average U.S. data breach costs $9.36 million. The SLCGP and the TTCGP, made possible by the IIJA, provide funds so that government agencies can secure sensitive data, protect against hackers and avoid financial burdens. The following organizations within the DHS implement this authority:
â—Ź The Cybersecurity and Infrastructure Security Agency (CISA)
â—Ź The Federal Emergency Management Agency (FEMA)
What can Security System Grants be Used For?
As technology advances, cybersecurity systems grow stronger and more complex. Unfortunately, so do cybercrime methods. Every day, cybercriminals learn new hacking, scamming and phishing methods, putting many public security systems at risk. According to cybercrime data, 54% of phishing attacks on global organizations led to data breaches in 2021. This leads to billions of dollars worth of financial losses — and it is only one form of cybercrime.
Federal grants can be used for a variety of cybersecurity practices and safety strategies, including:
â—Ź Creating strategies to prevent, detect and correct security risks and failures.
â—Ź Hiring cybersecurity personnel with expert experience in computer systems, networks and data to help update networks, perform audits and improve security.
â—Ź Improving security services by investing in updated security systems, software and new technology designed to prevent and monitor cybercrime.
How to Apply for SLCGP Grants Before the start of each fiscal year, the DHS sends out a Notice of Fund Opportunity (NOFO) announcing the eligibility of all 56 states and territories for the grants. If you meet the eligibility requirements, you can apply for a grant. It’s important to note that only established State Administrative Agencies (SAAs) for states and territories may apply for grant awards.
1. Work With the Cybersecurity Planning Committee
According to the Homeland Security Act of 2002, amended by the Bipartisan Infrastructure Law, grant recipients must establish a Cybersecurity Planning Committee to support the development of their Cybersecurity Plan.
2. Develop a Cybersecurity Plan and Create an Application
Applications must address one of the four program objectives outlined in Section A of the NOFO.
Another important part of the application is the Cybersecurity Plan. The Cybersecurity Plan is a statewide document that details how the funds will help you protect against cybersecurity threats, hackers and data breaches.
A thorough Cybersecurity Plan is crucial to receiving grant money and must be approved by the Cybersecurity Planning Committee and the chief information officer (CIO) or the chief information security officer (CISO). It must include the following:
â—Ź Existing plans to protect against threats to information systems
â—Ź Description of individual responsibilities of state and local governments
â—Ź Assessment of required elements from an entity-wide perspective
â—Ź Outline of resources and timeline
â—Ź Summary of associated projects
● Metrics to measure progress Applicants can apply for a grant through FEMA’s Grant Outcomes (FEMA GO) System. Applicants with a CISA-approved Cybersecurity Plan seeking grant renewal can email their current Cybersecurity Plan to [email protected] no later than January 30, 2025, noting any revisions since the last approval. CISA and FEMA will review each submission.
3. Implement Cybersecurity Best Practices
CISA recommends implementing more advanced best practices before, during and after applying for a government grant. The following practices will boost your chances of receiving a
grant and help add additional security to your system. To increase your chances of receiving a grant:
â—Ź Add multifactor authentication.
â—Ź Use enhanced logging.
â—Ź Use data encryption.
â—Ź Remove unsupported software.
â—Ź Restrict default password usage.
â—Ź Add backups.
â—Ź Engage in rapid bidirectional sharing.
â—Ź Transition to the .gov internet domain.
How to Effectively Create a Grant Proposal
Ensure your goals align with the grant program to increase your likelihood of approval. For example, current government priorities include national security and public data protection. You can focus your proposal on these components to increase your chances of approval. Risk assessment is another important factor for government entities when deciding where to allocate funds. Funders want to award grants to applicants that meet their requirements and goals. Government grantmakers might assess your financial stability, experience complying with program requirements, relationships with grantmakers and ability to address audit findings. By understanding what grantmakers look for, you can improve your proposal and increase your likelihood of funding approval.
Apply for a Government Grant to Improve Your Security System
Federal grants are designed to help eligible organizations. If you want to improve your security system and reduce your organization’s risk of cyberattacks, look into the SLCGP. All it takes is one phishing scam or cybercriminal to put your private government data in danger — apply for a government grant to put your security first.
