On September 16, 2022, the State and Local Cybersecurity Grant Program (SLGCP) formally opened, kicking off a four-year, $1 billion program created as part of the Infrastructure Investment and Jobs Act (IIJA). Funding from this program helps eligible entities address cybersecurity risks and threats to information systems owned or operated by state, local, territorial or tribal (SLTT) governments.
The grant program is a welcome source of funding for governments to better defend against evolving cyber threats such as ransomware and data breaches. The most recent Zscaler ThreatLabz Phishing report shows a 110% increase in phishing attacks for government in 2021, and the ThreatLabz State of Ransomware Report shows a 37% increase in double extortion ransomware attacks.
In FY 2022, $185 million is available to SLTT governments through the grant program, with allocations set for each state and territory. However, governments must think about how to optimize the funding opportunities over the course of the full four years, as grant allocations double in 2023, then decrease slightly in 2024 before scaling down for the final year in 2025.
How Zscaler can help
Most of our customers have been anticipating the SLCGP, and have already established the required Cybersecurity Planning Committee that coordinates, develops and approves a government’s Cybersecurity Plan. Zscaler is serving as a resource to SLTT governments in a variety of ways including:
- Consulting on your Cybersecurity Plan, mapping zero trust solutions to the requirements of funding.
- Enabling Zero Trust security for the Whole of State in a shared services model through a multi-cloud security platform.
- Providing zero trust architecture solution language for the application process.
- Educating stakeholders on zero trust architecture.
- White-boarding with solution architects to map out a multi-year transition to zero trust architecture.
- Constructing cost-benefit analyses with our business value team.
- Conducting risk assessments to identify high priority cyber risk vulnerabilities.
- Providing StateRAMP authorized zero trust solutions.
Trusted by over 300 public sector organizations, Zscaler has proven, deployed Zero Trust Exchange security solutions at every level of government. Here are a few examples.
State of Oklahoma
- Challenge: Improve efficiency for users, reduce time to deploy new tools and services, strengthen and standardize cybersecurity posture to support a permanent hybrid workforce.
- 30,000 users; 90 agencies.
- Outcomes: 5Xs faster connections than VPNs; 17.6 million policy violations and 390,000+ security threats blocked.
New Jersey Courts
- Challenge: Adopt a zero trust approach to meet the demands for both on-premise and remote operations and provide court services regardless of an employee’s location or device.
- 10,000 employees; 140,000 users.
- Outcomes: Increased number of virtual courtrooms from 40 to 400; estimated $10.7 million reduction in technology costs.
City of Los Angeles
- Challenge: To become a fully digital and connected city by delivering critical city services regardless of location through enable employees to use any device from home.
- 50,000 employees servicing 4 million citizens and 503,000 businesses.
- Outcomes: Deployed a work-from-anywhere platform in less than 2 weeks; moved 18,000 employees from in-office to remote workplace.
City of Boston
- Challenge: Move infrastructure, applications, and data securely to the cloud to modernize services and reduce data center footprint.
- 5,500 users serving 4 million citizens.
- Outcomes: 33.1 million access policy violations prevented; 1.2 million security threats blocked.
For those who aren’t familiar with the State and Local Cybersecurity Grant Program, below is a high level overview. More information can be found at the Cybersecurity & Infrastructure Security Agency (CISA) website.
- 4-year, $1 billion grant program.
- Enables DHS to make targeted cybersecurity investments in state, local and territorial government agencies.
- Goal is to improve security of critical infrastructure and resilience of services provided to communities through four objectives:
- Governance and Planning: Develop and establish appropriate governance structures, as well as plans, to improve capabilities to respond to cybersecurity incidents and ensure continuity of operations.
- Assessment and Evaluation: Identify areas for improvement in SLTT cybersecurity posture based on continuous testing, evaluation, and structured assessments.
- Mitigation: Implement security protections commensurate with risk (outcomes of Objectives 1 and 2), using the best practices as described in element 5 of the required 16 elements of the cybersecurity plans and those further listed in the NOFO.
- Workforce Development: Ensure organization personnel are appropriately trained in cybersecurity, commensurate with their responsibilities as suggested in the National Initiative for Cybersecurity Education. A Cybersecurity Plan must be prepared for the grant application including vulnerability management, prioritization and critical infrastructure protection.
- The designated State Administrative Agency (SAA) can apply as a single entity or as part of a multi-entity group project.
- FY 2022, $185 million is available with allocations set for each state and territory.
- Total funding is $200 million FY2022, $400 million FY2023, $300 million FY2024, and $100 million FY2025.
- Each designated State Administrative Agency (SAA) must meet a 10% non-federal cost-share requirement; cost share or cost match is NOT required for multi-entity group projects.
- The SAA must pass through at least 80% of the funds awarded to local units of government.
- 25% of the total state allocations must support rural entities.
How to apply
The application process is multi-step as follows:
- September 16, 2022 - grant opportunity posted.
- Registration is required to apply and can take four weeks or more to complete.
- Cybersecurity Plan prepared for application including vulnerability management, prioritization and critical infrastructure protection.
- November 15, 2022 - application due.
- Two or more SAAs may apply for joint projects, but they still must submit separate applications.
For more information on the State and Local Cybersecurity Grant Program, contact Zscaler today to discuss how we can help with your application.
White Paper: Adopting a Whole of State Zero Trust Approach
Defending Government Against Ransomware Attacks
Zscaler Public Sector At a Glance