A Cybersecurity and Infrastructure Security Agency official said Tuesday that guidelines for a new $1 billion federal cybersecurity grant program serving state and local governments will be ready by late spring or early summer.
Speaking to a National Association of Secretaries of State virtual conference, Tom Filippone, CISA’s deputy director of stakeholder engagement, said that his agency is still developing the framework for the four-year grant program, which was created in last year’s infrastructure spending law and is supposed to distribute its first $200 million tranche before the current fiscal year ends Sept. 30.
Since the infrastructure law’s passage, groups representing state and local officials have pressed their federal counterparts on how the cyber grant program — which will be designed by CISA but formally distributed by the Federal Emergency Management Agency — will work. In recent months, CISA Director Jen Easterly has told mayors and governors that guidance is forthcoming, while the National Association of State Chief Information Officers said getting clarity on the grant program is one of its top federal priorities.
“The program is forthcoming, it does not exist yet,” Filippone said. “It’s going to take a little time to make sure we develop the best program possible.”
He also said that, as described in the Infrastructure Investment and Jobs Act, states will be required to submit formal cybersecurity plans and create planning committees to qualify for the grants. The law also stipulates that 80% of any money states receive under the program must be redistributed to local governments, with rural communities getting 25%.
For cybersecurity planning committees, it stipulates that at least half of members have cybersecurity expertise and that the education and public-health industries be represented. But it was less clear during the NASS session where secretaries of state might fall on that chart. Vermont Secretary of State Jim Condos pointed out that most secretaries, as elected officials, fall outside the their states’ executive branches and may lack relationships with the administrative officers who’ll be tasked with devising cyber grant applications.
“I have to be honest: Many of us do not have the resources just to make this application,” Condos said. “My elections team is five people. I have three people in my IT department. Now I don’t see how I could possibly even have the resources to make the application.”
Filippone replied that election officials can be part of their states’ grant applications when the program finally launches.
“We have heard that. But don’t give up on us yet, sir,” he told Condos. “There will be one application from the state to the federal government that will include individual projects. What we want to see is you be involved in the decision making process at the state level.”
He also said CISA is considering crafting language for the grant opportunity notice “that does encourage additional entities to be part of that planning committee,” including working with NASS to include its members in the forthcoming guidance.