Cybersecurity grants are ‘at the goal line,’ says New Hampshire CIO

The long-awaited outline for a new federal cybersecurity grant program aimed at state and local governments might show itself soon, New Hampshire Chief Information Officer Denis Goulet said Thursday.

Goulet and his fellow state CIOs have been waiting since last November, when President Joe Biden signed a $1.2 trillion infrastructure spending law, for instructions on how the four-year, $1 billion grant program — fulfilling one of state CIOs’ longtime goals — will work. Under the law, an initial $200 million tranche is to be distributed by the end of the current fiscal year, a period that expires Sept. 30.

The Department of Homeland Security’s continued delays in publishing that guidance led NASCIO Executive Director Doug Robinson to suggest last month that states will need an extension on carrying out the grant program’s first year. But Goulet told StateScoop’s IT Modernization Summit on Thursday that he’s heard “encouraging” things lately.

“We think instead of what felt like further push-off we might be getting close to the goal line. I certainly hope we are,” he said. “We’ve been trying to prepare the policymakers align the things we need to access these funds.”

Even as Goulet and his counterparts around the nation have spent months drafting statewide plans to administer cybersecurity grants to localities and convening governance boards, the wait for DHS has had an impact.

“Not having certainty on details about the when and other key details has made it hard for us CIOs to lock and load,” he said. “In some ways it reflects on us, because people think there’s money out there and we aren’t accessing it, and there really isn’t — yet.”

But the cybersecurity grants story is also just the latest episode in state CIOs’ role over the past two-plus years in navigating unprecedented federal assistance, beginning with the CARES Act in March 2020, passed amid the initial response to the COVID-19 pandemic.

In New Hampshire, Goulet said Gov. Chris Sununu’s office set up a program to oversee grants from the CARES Act, which sent $150 billion directly to state and local governments to cover expenditures related to their pandemic response. That function was rolled extended in 2021 to oversee grants funded by the American Rescue Plan Act.

“We have a really experienced crew running the grant program,” Goulet said.

That enabled him to deliver on an initial wave of Rescue Plan-funded projects that was “was not exciting for most people but exciting for me.”

“Networking, backups, cybersecurity,” he said. “Nobody argued boring infrastructure stuff wasn’t important as we were coming out of COVID.”

Goulet said New Hampshire’s slice of the American Rescue Plan is now being used on more outward-facing projects, like a new professional licensing portal. But, he said, state IT leaders should keep in mind that ARPA funds run out at the end of the 2026 fiscal year.

“As we go further and further into having the clock tick down, the complexity of the projects we undertake has to reduce,” he said.