While cybersecurity officials hope the funding to be provided to state and local governments through the 2021 infrastructure law over the next several years will help them establish more cohesive, statewide strategies, state chief information security officers said Thursday they have limited time to improve their cyber maturity before those funds dry up.
“We do know that, just like any other program, there’s going to be an end at some point to the funds,” Virginia Chief Information Security Officer Mike Watson said during StateScoop and EdScoop’s Cybersecurity Modernization Summit. “And how we maintain and structure this in the future is sort of the part we’re most nervous about.”
Florida CISO Jeremy Rodgers said maintaining whole-of-state cybersecurity in the Sunshine State over the long term will be helped by a recent one-year $30 million investment of state funds designed to bolster local cybersecurity. But Florida, notably, is one of two states not participating in the new federal grant program, which will distribute $1 billion over four years.
“For me, whole-of-state, they’re not worrying so much where the lines of government exist — whether state or county or local or sheriffs or even special districts, sometimes — but really looking to protect the whole government ecosystem, because obviously the adversaries don’t care,” Rodgers said during the event.
West Virginia CISO Danielle Cox said that, like Virginia’s Watson, officials in her state are also preparing for “the end time,” when federal cyber funding from the infrastructure bill stops.
“We know the funding is going to stop and we have to make sure we’re planning appropriately and preparing those entities that are using that funding,” Cox said. “They’ve got four years to try to start planning as they work through the process. We’re hoping we do it in a strategic manner where they’re putting all the money into the right areas so it’s easier on them at the end of the program.”