New Mexico this week took one of the first major steps toward applying for a new federal cybersecurity grant program when Gov. Michelle Lujan Grisham issued an executive order creating a cybersecurity planning committee.
The committee, which will include at least 13 members representing state, local and tribal governments, and New Mexico’s business community, will be responsible for developing a broader cybersecurity strategy for the state and advising the governor on information security policy.
It’ll also fall on the committee to draw up a plan for how the state will make use of the Department of Homeland Security’s new State and Local Cybersecurity Grant Program, the $1 billion, four-year fund created by last year’s infrastructure law. New Mexico Chief Information Officer Peter Mantos said he will play a leading role in that process.
“Foremost is making sure we have the correct players at the table,” Mantos said in an interview Thursday. “I do think in this executive order, we do indeed have the correct entities identified and we also have some flexibility for adding more people when they come up.”
‘Keeping the lights on’
While Mantos said he is not New Mexico’s resident expert on cybersecurity — that’s the state’s chief information security officer, Raja Sambandam — he said he’s made security a topmost priority since joining Lujan Grisham’s cabinet in June. Those early efforts have included new user authentication requirements and training, rolled out in the wake of cyberattacks at the start of the year that compromised Bernalillo County, the state’s most populous county, and Albuquerque Public Schools.
Mantos said Thursday he’s hopeful the grant funding can help the New Mexico Department of Information Technology better protect all sectors across the state.
“When we talk about keeping the lights on, the primary threat to conducting business is the cyber threats,” he said. “It’s true for our schools, our local governments, it’s true for businesses. We want to be able to help them as well, even as though that’s not specifically part of our mandate. We’re going to do this with or without the help we get.”
New Mexico’s current state budget included $5 million for cybersecurity, half of what Mantos said he initially proposed.
Additional funding from the grant program, which is being overseen by DHS’s Cybersecurity and Infrastructure Security Agency and Federal Emergency Management Administration, could help Mantos further some other priorities. One of those is to open a statewide security operations center that can respond to incidents and provide guidance to local governments and other entities.
“We are very interested in having that centralized staff not only for our state agencies but also as some guidance for local governments and schools and tribes,” he said. “We’re looking for ways to collaborate more strongly.”
A ‘hard push’
The planning committee is a prerequisite for New Mexico to qualify for the DHS grant program. Under the terms of the program, every state is required to create a panel that includes representatives from the governor’s office, the IT agency, public education or health departments and local governments. DHS’s guidance for the program also recommends including local CIOs and CISOs, secretaries of state or other election officials, critical infrastructure operators, emergency operations officials and National Guard officers, among others.
New Mexico’s planning committee is set to include Lujan Grisham or a designated representative, Mantos, Sambandam, state Homeland Security Secretary David Dye, a tribal leader and the National Guard’s adjutant general, as well as information security officials from the state Higher Education and Health departments, a local school district, the state’s private sector and city and county governments.
Mantos said the inclusion of tribal governments on the committee is especially important in New Mexico, where the Native population accounts for 11% of the state.
“Let me tell you, too often we don’t think about the tribes up front,” he said. “Much like we’re doing in broadband, an element of this is going to be outreach.”
Lujan Grisham’s order said the planning committee will hold its first meeting by Nov. 1 and develop its grant plan by Nov. 10. Applications are due to FEMA by Nov. 15, which Mantos called a “pretty aggressive” window.
“It’s a hard push, but it’s exactly what we’re going to ask our committee members.”