State and local governments that receive grants administered by the Federal Emergency Management Agency will be required to spend at least 7.5% of their awards on cybersecurity, up from a previous minimum of 5%, Homeland Security Secretary Alejandro Mayorkas said Thursday.
The increase translates to about $25 million in new federal support for state and local cybersecurity efforts, Mayorkas said during remarks to the President’s Cup, a DHS competition for cyber professionals in the federal workforce.
Additionally, reflecting an announcement the department made earlier this week, Mayorkas said the Cybersecurity and Infrastructure Security Agency will in the coming months be “evaluating and implementing additional capabilities,” including a potential new grant program supporting state and local governments.
“Our nation’s cybersecurity is only as strong as its weakest link,” he said.
Mayorkas said that while DHS is broadly focused on cybersecurity issues ranging from the continuing fallout of the so-called SolarWinds hack and disruptions of critical infrastructure and industrial systems, he also spent several minutes addressing the ransomware threat to all levels of government and the private sector.
“We’re currently fighting not only the COVID-19 pandemic, but also an epidemic that is spreading through cyberspace: ransomware,” he said. “Criminals and nation-state actors alike have paralyzed cites across our country, from Atlanta to Baltimore, as well as several dozen sheriff’s and police offices.”
He briefly mentioned CISA’s public awareness campaign, noting that ransomware incidents continue to be on the rise, especially against hospitals, vaccine researchers and other segments of the health sector responding to COVID-19.
“Ransomware is not new,” he said. “It has been around for years. What is new is attackers’ methods, ability to make money, and the increased frequency of attacks. Tackling it will require partnership with state, local, tribal and territorial governments and private sector entities.”
The House and the Senate both passed legislation supporting the creation of a CISA-administered grant program during the 2019-20 session, though neither measure became law. The FEMA-backed Homeland Security Grant program is valued at $1.1 billion for the 2021 fiscal year.
While a dedicated cybersecurity grant program remains the top federal priority for the National Association of State Chief Information Officers, the group welcomed the bump from the FEMA program.
“This change will help states with their continuous and ever evolving cybersecurity challenges,” Meredith Ward, NASCIO’s policy and research director, told StateScoop.