How a Defense in Depth Strategy Protects Your Business

Stepping Up Your Cybersecurity With Defense in Depth (DiD)

When the pandemic hit, many businesses in Myrtle Beach, Conway, Florence, Georgetown and all over the globe had to shift to remote work almost overnight. Now, the hybrid work model has become a reality for many businesses in South Carolina and across the southeastern US. This allows employees to work from home, the office or split their time between both. According to a recent report from Accenture, 74% of US-based businesses are already using or plan to implement a hybrid working model permanently.1

 

However, a distributed workforce comes with its own set of challenges. One of the primary concerns of IT leaders across the globe is the unprecedented increase in cybercrime. Experts estimate that cybercrime has shot up by almost 300% since the start of the pandemic.2

 

Relying on one basic security solution will, therefore, prove to be futile against sophisticated attack vectors. This is where an approach like Defense in Depth (DiD) finds its relevance.  DiD is a cybersecurity approach in which multiple defensive methods are layered to protect a business. Since no individual security measure is guaranteed to endure every attack, combining several layers of security is more effective.

 

This layering approach was first conceived by the National Security Agency (NSA) and is inspired by a military tactic of the same name. In the military, layers of defense help buy time. But in IT, this approach is intended to prevent an incident altogether.

It’s important to differentiate DiD from another cybersecurity concept called layered security. While layered security uses different security products to address a particular security aspect, such as email filtering, DiD is more comprehensive and includes multiple security measures to address distinct threats related to the entire IT infrastructure.

 

While DiD is critical to protecting your business against evolving cyberthreats, it’s an undertaking that requires time, extensive knowledge and experience. Partnering with an MSP can simplify the process, reduce stress and minimize opportunities for error.

 

How MSPs Help Defend Against Threats

As an MSP, Creative Consultants Group implements and divides DiD into three security control areas:

 

  1. Administrative Controls

The policies and procedures of a business fall under administrative controls. These controls ensure that appropriate guidance is available and that security policies are followed.  Examples include hiring practices or employee onboarding protocols, data processing and management procedures, information security policies, vendor risk management and third-party risk management frameworks, information risk management strategies, etc.

 

  2. Technical Controls

Hardware or software intended to protect systems and resources falls under technical controls. Examples of technical controls are firewalls, configuration management, disk/data encryption, identity authentication (IAM), vulnerability scanners, patch management, virtual private networks (VPNs), intrusion detection systems (IDS), security awareness training, etc.

  3. Physical Controls

Anything aimed at physically limiting or preventing access to IT systems falls under physical controls. Examples are fences, keycards/badges, CCTV systems, locker rooms, etc.

 

 

Essential Elements of DiD

We will implement all the elements of an effective DiD strategy to minimize the chances of threats seeping in through the cracks. These elements include:

  1. Firewalls

A firewall is a security system comprised of hardware or software that can protect your network by filtering out unnecessary traffic and blocking unauthorized access to your data.

  2. Intrusion Prevention and Detection Systems

Intrusion prevention and detection systems scan the network to look for anything out of place. If threatening activity is detected, the system alerts the stakeholders and blocks the attack.

  3. Endpoint Detection and Response (EDR)

CCG’s Endpoint Detection and Response (EDR) solution operates by constantly monitoring endpoints to find suspicious or malicious behavior in real time.

  4. Network Segmentation

Once you divide your business’ network into smaller units, you can monitor data traffic between segments and safeguard segments from one another.

  5. The Principle of Least Privilege (PoLP)

The principle of least privilege (PoLP) is a cybersecurity concept in which a user is only granted the minimum levels of access/permissions essential to perform their task.

  6. Strong Passwords

Poor password hygiene, including the use of default passwords like “1234” or “admin,” can put your business at risk. Equally risky is the habit of using the same passwords for multiple accounts. To protect your accounts from being hacked, it’s essential to have strong passwords and an added layer of protection by using practices such as multifactor authentication (MFA).

  7. Patch Management

Security gaps left unattended due to poor patch management can make your business vulnerable to cyberattacks. As soon as a new patch gets delivered, deploy it right away to prevent exploitation.

  8. 365 Monitoring, Reporting, and Automated Remediation

Business Email Compromise (BEC) is one of the biggest cybercrimes, costing US businesses hundreds of millions of dollars each year. Essential to mitigating this is constant monitoring of your 365 environment, looking for unusual activity and shutting it down automatically when it occurs. Couple that with detailed reporting showing vulnerabilities that need to be addressed, and we can better protect your and your customers' information and money.

 

If you’re wondering about where and how to begin creating a DiD strategy for your business, don’t worry. We’re here to make the process as easy as possible. Contact us to take the first step toward making your organization more secure.

 

Sources:
  1. https://www.accenture.com/_acnmedia/PDF-155/Accenture-Future-Of-Work-Global-Report.pdf#zoom=40
  2. https://thehill.com/policy/cybersecurity/493198-fbi-sees-spike-in-cyber-crime-reports-during-coronavirus-pandemic?rl=1

Creative Consultants Group's Total Care Advanced Security helps your state or local government meet cybersecurity best practices. Call us today at 843.234.9980.

5 Things South Carolina State and Local Governments Should Consider Before Applying For The State and Local Cybersecurity Grant Program (SLCGP)

State and local government (SLG) organizations are increasingly the target of cyber-attacks that can impact and disrupt citizen services. In 2021, President Biden signed the Infrastructure Investment and Jobs Act (IIJA). This act helps provide funding for state, local and academic institutions to help them implement system redundancy, update and enhance system security for critical infrastructure services.

IIJA fostered the creation of the State and Local Cybersecurity Grant Program (SLCGP), which provides funding to eligible entities to mitigate cybersecurity risks and threats to information systems owned or operated by, or on behalf of, state, local or tribal governments. SLCGP allocates $1 billion distributed over four years to help support state, local and tribal agencies in the implementation of cybersecurity best practices.

The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) released the FY 22 Notice of Funding Opportunity (NOFO), which provides more details on how to apply for SLCGP funding. The funding opportunity requires participants to prioritize the establishment of a cybersecurity planning committee, the development of a statewide or local cybersecurity plan, the performance of security assessments, and the adoption of cybersecurity best practices.

This blog post provides guidance and recommendations for state and local governments in South Carolina, North Carolina and beyond as to some of the requirements and resources your state, city, or local government should consider as your organization strives to meet the SLCGP funding requirements. Note: the SLCGP funding’s overall per state allocations are not sizable enough for each local organization to implement their own security measures effectively. Participating state and local government entities should take a strategic and enterprise approach to leverage these funds in a manner that will make a broader impact in risk reduction, and to make their infrastructure more resilient.

THE SLCGP FUNDING REQUIREMENTS

SLCGP has a tight 60-day window for submission, so grant program participants need to act quickly while meeting the requirements of the grant application. This grant program requires 80 percent of the funds to be allocated to local governments. For those entities pursuing the grant for enterprise initiatives, like consolidated IT programs, approval from local government representatives may be required. The SLCGP also includes stringent grant reporting requirements that must be adhered to for success. These reporting requirements may be considered cumbersome by some smaller local government participants that may not have a grants office or knowledgeable staff to support these efforts. Local government organizations can consider leveraging the statewide grant offices to support meeting the grant application and reporting requirements. Creative Consultants Group (CCG) can also assist with reporting requirements and with guidance on aspects of the application process. We are therefore reaching out to all cities and counties in North and South Carolina to offer our assistance in maximizing your benefits.

CONSIDERATIONS TO HELP MEET THE SLCGP FUNDING OPPORTUNITY

Government entities must apply for SLCGP funds on or before the Nov. 15, 2022 deadline. As the SLCGP requires establishing a cybersecurity planning committee, the following are recommended approaches for a cybersecurity planning committee to consider to secure funding:


      1. Streamline and standardize cybersecurity solution procurement and operations to speed implementation and reduce costs

      Government entities can take advantage of independent software vendors’ (ISV) solutions that can provide visibility, integration, automation, and protection at scale. However, the cybersecurity planning committees in charge of reviewing and submitting requests for these solutions should prioritize reducing the number of separate agency requests: rather than handling each on its own, they should look broadly across all requests to identify repeated themes and focus on areas that can scale across agencies and departments. In taking this approach, states can standardize capabilities and better operationalize threat data that they can use to make actionable decisions. Ransomware is one of the most predominant cybersecurity threats for state and local government (SLG) organizations, so having an integrated system that allows for simplified operations and automated response can benefit SLG covered entities that are resource constrained. Committees can utilize CCG’s advanced security tier, including our SentinelOne Singularity and fully staffed Security Operations Center (SOC), to provide the level of protection and reporting required to effectively mitigate ransomware threats.

    2. Implement immutable and geographically redundant offsite encrypted backup services with automated testing capabilities
      One of the key components to increase resiliency and reliability and to offer low-cost disaster recovery is a centralized immutable backup offering from CCG. Our immutable and offsite backup services can automate data protection across your enterprise, whether your data is on premises or in the cloud. Our backup services secure your backups by encrypting your data in transit and at rest, which reduces the risk of data compromise.

    3. Prioritize resiliency for your infrastructure
      SLG organizations looking to secure SLCGP funding may consider prioritizing resilience for their infrastructure. Organizations can build resilience and an effective data strategy with various CCG services including automated failover, internet redundancy, and cloud services such as our Microsoft 365 services along with 365 Cloud Security monitoring, alerting, and automated mitigation services.

    4. Implement required, managed, and monitored cybersecurity training
      The NOFO requires covered organizations to adopt cybersecurity best practices and implement cybersecurity awareness training to be eligible for funding. SLG entities must have a fully capable cybersecurity training program that can track employee completion and provides testing/reporting capabilities for continuous improvement. CCG’s advanced security tier includes this service at no additional cost, or you can purchase this training separately if desired. The training offers easy lessons on cybersecurity-related topics like secure communication, data classification, phishing, physical security, social engineering, data privacy, third-party/application security, laptop standards, data protection, and acceptable use, as well as simulated phishing tests that track which users performed tasks that they should not have, which would ultimately put your organization at risk. This testing helps you target which employees may need further training and helps you reinforce to your entire employee base any topics which may be at issue or greater risk. Our enhanced training also meets accessibility requirements.

    5. Think long-term with a modernization strategy

      Lastly, for subsequent year SLCGP efforts, SLG organizations should focus on long-term strategies, like local and statewide modernization of critical applications and infrastructure. Covered entities can use various onsite and cloud services to help meet the NOFO requirement to implement best practices like implementing zero-trust architecture, which can further support efforts to secure citizen data while enhancing the citizen experience.

      CONCLUSION

      State and local governments throughout North and South Carolina should not be deterred by the grant submission timeline and reporting requirements. This funding opportunity can help implement local and statewide risk mitigation strategies to protect government and citizen data privacy, secure your infrastructure and serve to protect citizens across South.

      Do you have questions about how your agency can use Creative Consultants Group’s Advanced Security Products to support your cybersecurity goals? Call us today at 843.438.1649 or visit http://ccgpro.com.