By Savannah Hulsey Pointer
The Department of Homeland Security (DHS) announced the availability of $374.9 million in grant funding to boost state, and local cybersecurity, according to an Aug. 7 press release.
The funding is for the Fiscal Year (FY) 2023 and is earmarked to be part of the State and Local Cybersecurity Grant Program (SLCGP).
The program is aimed at addressing the escalating cyber threats targeting critical infrastructure and public safety and seeks to enhance cyber resilience among state, local, and territorial (SLT) governments across the United States.
According to DHS, the program, now in its second year, represents a novel initiative designed to fortify cybersecurity measures for SLT governments.
“In today’s threat environment, any locality is vulnerable to a devastating cyber attack targeted at a hospital, school, water, or other system,” said Secretary of Homeland Security Alejandro N. Mayorkas in the press release.
“The Department of Homeland Security is helping to ensure that every community, regardless of size, funding, or resources, can meet these threats and keep their residents and their critical infrastructure safe and secure. These cybersecurity grants will help state, local, and territorial governments do just that, and I strongly urge communities across the country to submit an application.”
Established by the State and Local Cybersecurity Improvement Act and integral to the Bipartisan Infrastructure Law, the program commits $1 billion over four years to help SLT entities bolster their capabilities in detecting, protecting against, and responding to cyber threats.
Noteworthy is the marked increase in this year’s funding allocation compared to the previous fiscal year, which amounted to $185 million.
According to the press release, this financial commitment underscores the collaborative approach of both the administration and Congress in addressing cybersecurity concerns.
“State and local governments are facing increasingly sophisticated cyber threats to their critical infrastructure and public safety,” said CISA Director Jen Easterly in the press release.
“As the Nation’s Cyber Defense Agency, CISA is pleased to make available yet another tool that will help strengthen cyber defenses for communities across the nation and bolster our collective cybersecurity.”
The program is jointly managed by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA). CISA is tasked with providing expertise and guidance pertaining to cybersecurity issues, while FEMA is responsible for managing the grant award and allocation process.
“Building resilience requires more than mitigating against natural hazards,” said FEMA Administrator Deanne Criswell in the press release. “As our threat landscape continues to evolve, the funding provided through the state, local, and territorial cybersecurity grant program will increase capability to help communities better prepare and reduce cyber risks.”
Recipients can utilize the grant funds for various cybersecurity enhancements, including but not limited to cybersecurity planning, workforce augmentation, and enhancements to essential citizen services.
Recent Cybersecurity Threats
Cybersecurity has been at the forefront of concern for a number of those in the Biden administration following a recent breach of U.S. government emails touching a number of inter-administration departments.
Experts in cybersecurity from Microsoft and the U.S. government found a breach in the email systems of 25 organizations earlier this month. Some of these organizations were U.S. government bodies.
Microsoft blamed storm-0558, a hacking group with ties to the Chinese regime, for the security breach, which most likely happened in May. Microsoft says that Storm-0558 got an MSA secret encryption key and used it to make fake access tokens for the Outlook Web Access (OWA) and Outlook.com services.
The U.S. government hasn’t said much about how bad this hacking event really is.
However, reports indicate that Gina Raimondo, the U.S. Secretary of Commerce, and Nicholas Burns, the U.S. Ambassador to China, and Daniel Kritenbrink, the Assistant Secretary of State for East Asian and Pacific Affairs, all had their email accounts hacked.
At a July 12 press briefing, officials from CISA said that no sensitive information was stolen during the hack, and Microsoft assessed that only its Outlook.com and Exchange Online services were accessed.
Pentagon Lost Emails
This is in addition to reports that emails that were supposed to be sent to the Pentagon were actually sent to the African nation of Mali instead. In addition to domestic reporting on the issue, the U.K.’s Ministry of Defense (MoD) in London is investigating emails sent from the U.K. government addresses that were supposed to be sent to the Pentagon, who use the domain name “.mil” where the “i” was committed by mistake, rerouting the correspondence.
The MoD confirmed that an investigation regarding the report of misspent emails took place, but they disputed the claim that the emails included classified information.
The report by the Times of London on the issue made “misleadingly claims that state secrets were sent to Mali’s email domain,” said a statement on the ministry’s account on X, formerly known as Twitter.
“We assess fewer than 20 routine emails were sent to an incorrect domain and are confident there was no breach of operational security or disclosure of technical data. An investigation is ongoing. Emails of this kind are not classified at secret or above,” the statement reads.
The House Committee on Homeland Security did not respond for comment.