While state and local technology officials are still waiting on the federal government for guidance on how a new $1 billion cybersecurity grant program will work, some local governments worry about whether they’ll benefit from the money at all, government IT experts said Thursday.
Alan Shark, executive director of CompTIA’s Public Technology Institute, said during an online event that the grant program’s competitive process — states will redistribute 80% of their total awards to their political subdivisions that apply for aid — could have some smaller, less-resourced communities asking “familiar” questions.
“‘What if I don’t have the expertise to apply for these grants? Are we going to get left out?'” Shark said.
Trends in cloud, telework
Shark made the comments during an annual briefing, cohosted with Doug Robinson, executive director of the National Association of State Chief Information Officers, on the year ahead for state and local IT. Both previewed what their organizations’ members expect to focus on in 2022, including retaining tech talent in the public-sector workforce, more modernization — especially of unemployment insurance systems, which spent the pandemic battered by heavy demand and riddled with fraud — and making use of new federal funds for broadband expansion.
Robinson said only about half of states have invested in “modern” unemployment platforms, with many still running on decades-old mainframes. But many more state-government leaders have become comfortable with shifting to cloud services, he said.
“Ten years ago, states were mostly opposed to cloud platforms because of security issues,” Robinson said. “Now they’re realizing those cloud environments are more secure than those on-premises solutions.”
Shark, meanwhile, said he expects his local-government members are going to “have to outsource more than ever,” especially as cybersecurity remains a top and growing concern, and dependency on cloud services expands. He also pointed to what he called a growing crisis in the workforce as more workers consider quitting, especially as organizations dial back their pandemic-era telework policies.
“Pulling back on remote work is kind of problematic to retain people,” he said. “For the first time they’re saying it’s not always money. It’s the burnout factor, putting in the hours not feeling appreciated.”
‘Room to grow’
But it’s on cybersecurity and the new grant programs where many questions remain. Shark cited a recent CompTIA survey finding that more than half of his members rate their cybersecurity relationships with their state governments as “fair” or “poor,” though the upcoming grant program could address those divisions.
“There’s room to grow. We hope we can figure out some mechanisms,” he said. “Possibly the grant programs can help with that.”
Robinson noted that obtaining guidance on the grant program, which passed last year as part of a $1.2 trillion infrastructure spending plan, is one of NASCIO’s top federal priorities and that the Cybersecurity and Infrastructure Security Agency is working with the Federal Emergency Management Agency — which will administer the $1 billion program — on developing guidelines. (CISA Director Jen Easterly confirmed as much last week.)
But Robinson also said that because the grant program’s first tranche of $200 million won’t land in states’ coffers until very late in the current fiscal year, it’s “basically a rounding error” for budgets, impacting how governments use the money.
“I think a lot of states will focus on risk assessments and vulnerability assessments and hygiene perspectives,” he said. “They’re going to want to know what’s going on on the ground before they start spending on boxes.”
Shark replied that even as governments wait on the grants, there’s work that can be done in advance.
“This is the time to take stock,” he said. “Figure out what is your shopping list and start developing the rationale for it so you can see how it aligns. It starts with inventory and asset control.”