Geopolitical tensions have increased significantly over the past few years. In fact, of all the intrusions covered in M-Trends 2023, response efforts for public sector entities captured 25% of all investigations, compared to 9% in 2021. State and local governments have the opportunity to take advantage of federal resources in early October to help thwart these attacks.

Funding the Mandate: SLCGP

As part of its response, the federal government established the State and Local Cybersecurity Grant Program (SLCGP) under the 2021 Infrastructure Investment and Jobs Act. The SLCGP awards grants to address cybersecurity risks and cybersecurity threats to information systems owned or operated by, or on behalf of, State, Local, Tribal, and Territorial (SLTT) governments. The total amount is $1 billion, with the grant spending spread over four years. 

The Department of Homeland Security (DHS) has announced the second tranche of funding under the program, totaling $374.9 million for FY 2023. The Notice of Funding Opportunity (NOFO) is now live and accepting applications from states and territories until the deadline of October 6, 2023. The anticipated award date is no later than December 1, 2023.

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Emergency Management Agency (FEMA) collaborated on the grant guidance with support from the Office of the National Cyber Director and the latest National Cybersecurity Strategy, which sets forth a commitment to SLTT governments to offer strategic opportunities for cybersecurity assistance. 

Award recipients may use funding for a wide range of cybersecurity improvements and capabilities, including cybersecurity planning and exercising, hiring cyber personnel, and improving the services that citizens rely on daily. This is a great opportunity to use federal grant dollars to improve the security posture of your SLTT organization based on the program’s objectives for FY 2023:

• Understand your current cybersecurity posture and areas for improvement based on continuous testing, evaluation, and structured assessments;
• Implement security protections commensurate with your risk profile; and 
• Ensure your personnel are appropriately trained in cybersecurity.

All applicants must demonstrate that they can meet the FY 2022 Cybersecurity Planning Committee and Cybersecurity Plan requirements, which can be found in Appendix B of the NOFO. For FY 2023 Cybersecurity Plans must include (1) assessments and evaluations as the basis for individual projects, and (2) adoption of Cybersecurity Performance Goals (CPGs), which were developed in collaboration with the private sector and released by CISA late last year.

Improving Threat Awareness With a Modern Security Operations Center 

The large attack surface across a SLTT organization makes visibility and situational awareness of the threat landscape paramount. Even governments with mature cybersecurity postures are at risk from the most advanced persistent threat actors who constantly evolve their techniques. As a result, rapid aggregation of security events and real-time sharing of actionable cyber threat intelligence widely across the government sector is necessary to prevent widespread cyber incidents. 

That’s why we’ve developed Chronicle CyberShield to provide government agencies with a solution that integrates threat intelligence, detection, and response. Chronicle CyberShield is unique in enabling multiple government entities to share threat information, accelerate investigations, and initiate a united response proactively and rapidly.

In the digital world, operating a sophisticated and streamlined security operations center (SOC) is at the core of maintaining digital integrity and security. A primary component of Chronicle CyberShield is establishing a modern government SOC, comprising a network of interconnected SOCs to scale and aggregate security threats. This empowers governments to operate a cyber defense center for enhanced detection, protection against major threats, and automated response and incident management across multiple entities. 

Defend Against Tomorrow’s Attacks Today

As part of Chronicle CyberShield, governments can leverage cyber threat intelligence from Google and Mandiant, now part of Google Cloud, to build a scalable and centralized threat intelligence and analysis capability. This is integrated operationally into the government SOC to identify suspicious indicators and enrich the context for known vulnerabilities. 

CyberShield also includes consulting services from Google Cloud and Mandiant to further assist governments. By leveraging Google Cloud’s professional services and Mandiant’s government consulting solutions and expertise, governments can develop core capabilities to improve security governance, upskill talent in government, enhance knowledge sharing and collaboration, and drive effective security operations.

Resources

Contact our experts today for more information on how to access Google Cloud’s professional services and Mandiant’s government consulting solutions and expertise — including Chronical CyberShield — while leveraging resources provided under the State and Local Cybersecurity Grant Program.

CISA and FEMA have made additional support services available under the grant program: 

• SLTTs can reach out to their CISA Regional Staff
• For additional program-specific information regarding programmatical elements, applicants can contact CISA via e-mail at SLCGPinfo@cisa.dhs.gov
• Information regarding funding and budgetary technical assistance, is available at FEMA via e-mail at FEMA-SLCGP@fema.dhs.gov