Federal Money for States to Improve Cybersecurity May End in New Year
Assuming that happens, expect the attacks on state and local governments to increase. Potentially dramatically.
In 2021 Congress created a four year, $1 billion cybersecurity grant program for state and local governments. Every state but one has made grant requests.
The money dries up at the end of this fiscal year and given the next administration’s efforts to reduce the federal government this could be on the chopping block. On the other hand, this is sort of like a block grant, so it might get renewed.
The government funded $185 million in 2022, $375 million in 2023 and $280 million in 2024.
The way the grants work, 80 percent of the money has to go to local governments in one way or another, so this is really a trickle down model. States have to match an increasing portion of the grants each year, so that means that the states have to ante up as well.
Here is the scary part. Most of the funding falls into one of three categories – training, deploying endpoint protection software or conducting risk assessments. One might have hoped that these items were already handled, but apparently not.
In Connecticut, communities requested $12 million in 2022; The state only had $2.7 million to give out. That is an indication of how bad the state of cybersecurity funding is.
In addition, some folks are reluctant to even participate knowing that the program might suddenly go away.
And, if it does go away, it sends a message to local governments that the feds wish you luck in protecting yourself and your citizens, but you are on your own.
As I wrote the other day, some in the next administration want to spend more money offensively attacking China. That is great but ignores the fact that many of the attacks come from other ostensibly more friendly countries. Like the United States.
At this point no one knows what might happen in the 2025-26 budget, but at least some folks will be pushing for this program to get reauthorized.
If it doesn’t, many of the small governments will not have any cybersecurity program at all. Which hackers worldwide will take note of and say thank you very much. Credit: The Record
by 