The federal government released a National Cybersecurity Strategy last week. It provides guidelines about how cybersecurity should be used to protect critical infrastructure in America.
The strategy identifies five key objectives that are eligible for funding. The targets include defending critical infrastructure, disrupting threat actors, taking a more active role related to protection, investing in resilient strategies and forging partnerships in pursuit of common goals.
The guidelines will lead to other changes in the near term because the federal government will likely encourage even more rigid rules for cloud security. And more directives designed to incentivize growth in a national cyber workforce are anticipated. The new attention to cybersecurity will result in funding and more opportunities for public-private collaboration. Companies with cybersecurity offerings should be happy to know that the government is preparing to fund projects of all types that build cybersecurity into the design phase. Other types of initiatives eligible for funding support include research and development, supply chain protection, post-quantum encryption, digital identity solutions and international partnerships.
One particularly notable source of funding for cybersecurity efforts is the State and Local Cybersecurity Grant Program (SLCGP). The program is designed to help state, local and government officials safeguard publicly owned and/or operated IT systems. The program will disburse $400 million in 2023 and another $300 million in 2024. Each state is asked to designate an administrative agency responsible for applying for $800 million in federal funding that is available over the next three years. The grant program stipulates that at least 80% of all state allocations must be passed on to local governments.
States are preparing now to capture some of the funding. Minnesota is lining up its resources to ensure eligibility. The state’s most recent capital improvement plan includes $12.5 million in 2024 and $20.4 million in 2025 to cover the required state match for its anticipated $23 million of SLCGP funding.
New rules issued by the Food and Drug Administration (FDA) are also spurring wider investment in cybersecurity projects. The FDA is currently working with the Cybersecurity and Infrastructure Security Agency to establish more rules and standards for cybersecurity at healthcare institutions. The new provisions must be put in place by late December 2024. The focus on hospital systems comes in the wake of recent events, such as the February ransomware attack on a hospital system in Tallahassee, Fla.
The New York state budget was recently released. It features new state funding for cybersecurity. One of the notable items that will be funded is a $500 million investment in grants for technology to improve the cybersecurity posture of healthcare institutions throughout the state.
The state of Idaho will seek a consultant to design and implement a new statewide cybersecurity strategy. The project is the result of an assessment that listed 18 recommendations for cyber attention. Specific improvements will be finalized during the upcoming design stage. Funding comes from a $12 million appropriation that state lawmakers approved for a new cyber response and defense fund.
The California Student Aid Commission received a funding grant for an assessment of network security. The $962,000 in funding will be used to assess the agency’s information technology systems. Findings from the assessment will become a roadmap for cybersecurity upgrades. The agency handles the state’s student aid programs and is currently susceptible to cybersecurity risks.
State leaders in Connecticut have received $8.2 million for new security software. It will be used to address cybersecurity vulnerabilities. The state plans to allocate funding for a new cybersecurity awareness training program that will allow state security to mitigate cyber risks stemming from user error.
Officials at TriMet, the transit agency serving the Portland, Ore., area, will seek a consultant to outline cybersecurity enhancements for the agency. The authority has allocated more than $150,000 for the planning process. Once the required improvements have been identified, the transit agency will invest millions in projects to enhance cybersecurity and also productivity and collaboration.
A design phase for cyber improvements will begin soon in Jackson Hole, Wyo. Planning officials with the airport that serves the region will overhaul the facility’s cybersecurity posture. The Jackson Hole Airport Board recently requested qualifications from cybersecurity consultants to address vulnerabilities and provide on-call technology services. The consultant’s responsibilities will include planning and designing key cybersecurity improvements after vulnerabilities have been identified. Improvement costs will be determined during the subsequent stages of development.
Between $2 million and $5 million will be spent in Texas over the next two years to design an improvement plan for cybersecurity at the North Texas Municipal Water District (NTMWD) which provides waste and water services for the area north and east of Dallas. NTMWD is pursuing cybersecurity upgrades for its Supervisory and Data Acquisition system. A preliminary project list for the effort includes upgrades to cybersecurity at three lift stations. The upgrades will focus on servers, workstations, programmable logic controllers, firewalls, licensed/unlicensed radios, power monitoring devices, cellular modems, network switches and other IP-addressable devices.
Cybersecurity concerns continue to result in new funding sources. Almost every aspect of infrastructure has funding support for projects that will protect networks, transmission lines, roadways, airports, public safety and healthcare systems. The demand is high for private sector firms with cybersecurity expertise and service offerings.