Two senior statewide technology officials said Tuesday they’re still awaiting details of what programs will be allowed under a new federal cybersecurity grant program that’s coming to state and local governments later this year.
The comments, from Illinois Chief Information Officer Jennifer Ricker and Virginia Chief Information Security Officer Michael Watson, came as state IT leaders — and other officials, like governors and mayors — look to the Department of Homeland Security for guidance on the $1 billion, four-year grant program tucked inside last year’s $1.2 trillion infrastructure law. (Outlining how the grant program will work is also one of the top priorities this year for the National Association of State Chief Information Officers.)
During an online event hosted by MeriTalk, Ricker said she expects rules for the new program — which will require states to distribute at least 80% of their awards to local jurisdictions — will be tighter than coronavirus relief funds issued under the 2020 CARES Act and 2021 American Rescue Plan, which gave states a wide degree of flexibility in spending.
“For the funds that had come previously, it’s been pretty easy for our agency,” said Ricker, who leads the Illinois Department of Innovation and Technology. “We don’t have to deal with the dregs of applications and funds. For the new cybersecurity grant, that’s a little to be seen.”
The Cybersecurity Infrastructure and Security Agency is drawing up the rules for the grant program, though money will be distributed by the Federal Emergency Management Agency, which administers other DHS funding programs. CISA has said guidelines for the the state and local cyber grants will be ready by summer.
Watson said that when the grant program starts flowing, he’d like Virginia to be able “to make efficient use of funds.” Although the Infrastructure Investment and Jobs Act calls for most of the grant money to go to localities, it will require states to submit detailed cybersecurity plans when applying for the program, which Watson suggested could be advantageous.
“We’re optimistic that the process and conditions are going to be reasonable and done in a way that’s going to facilitate a cybersecurity program,” he said. “Cybersecurity centralizes very well.”