Cybersecurity: DHS implemented a grant program to enable state, local, tribal and territorial governments to improve security
Pursuant to federal law, the Department of Homeland Security (DHS) implemented a grant program to help state, local, tribal, and territorial governments address cybersecurity risks and threats. As of August 1, 2024, DHS provided about $172 million in grants to 33 states and territories. The grants are funding 839 state and local cybersecurity projects that align with core cybersecurity functions as defined by the National Institute of Standards and Technology (see figure). The projects include developing cybersecurity policy, hiring cybersecurity contractors, upgrading equipment, and implementing multi-factor authentication. Such projects are essential to identifying risks, protecting systems, detecting events, and responding to and recovering from incidents.
In administering the State and Local Cybersecurity Grant Program, DHS’s Federal Emergency Management Agency (FEMA) and Cybersecurity and Infrastructure Security Agency (CISA) are responsible for reviewing (1) cybersecurity grant applications and (2) applicants’ proposed cybersecurity projects. GAO found that the review and selection processes used by these agencies met the law’s specific requirements. For example, CISA used a checklist to validate that applicants’ cybersecurity plans contained 16 elements required by the act.
GAO also found that seven selected applicants met the grant program’s eligibility requirements, with allowed exceptions. For example, applicants were allowed to submit investment justifications without detailing project-level information if they were not yet ready when the applications were due. In these cases, DHS held awarded funds until applicants addressed requirements.
Selected state and territory officials had positive feedback about the grant program, such as FEMA’s willingness to make improvements to the application process. Officials also noted challenges, including sustaining cybersecurity projects after the grant program ends. For example, officials from three states emphasized the importance of reauthorizing the program. However, officials from other states said that they plan to use other federal grant programs or state and local-level funds to continue funding cybersecurity projects.
Read more at GAO