The rising tide of cyberattacks and data breaches poses significant challenges to state and local governments, with rural cities and counties facing unique vulnerabilities based on their relative lack of cybersecurity resources. In this context, the role of grant programs, particularly the State and Local Cybersecurity Grant Program (SLCGP), becomes increasingly crucial in fortifying the cyber defenses of government entities because it compels state grantees to concentrate grant funding on the unique vulnerabilities of local and rural jurisdictions.

The landscape of cybersecurity for government systems is evolving rapidly. State and local governments, irrespective of their urban or rural nature, face distinct challenges in maintaining robust cybersecurity protocols. The dispersed nature of some communities can make coordination and implementation of comprehensive cybersecurity measures more complex, underscoring the need for adaptable and scalable solutions. Rural cities and counties, often with limited technical and staff resources, and smaller populations, face distinct challenges in maintaining robust cybersecurity protocols.

The scale of the challenge: Government cybersecurity breaches

Due to the reasons mentioned previously, government systems are uniquely vulnerable to the escalating threat of cyberattacks. Historical statistics highlight the severity of the challenge:

1. Cyber-attacks targeting governments increased by 95% worldwide in the second half of 2022, as compared to the same period in 2021.
2. In 2022, government systems accounted for 6% of all ransomware attacks worldwide.
3. Data breach costs in governmental public sectors escalated by 7.25% in 2022, with average total costs jumping from $1.93 million to $2.07 million.

The role of grant programs in enhancing cybersecurity

Grant programs serve as instrumental tools in supporting government cybersecurity efforts, providing essential resources, and delivering a lifeline for rural cities and counties grappling with unique challenges. Both at the federal and state levels, these programs play a pivotal role in providing financial assistance to bolster state-funded cybersecurity initiatives. For governments with limited resources, the impact of these grants can be transformative, offering the resources needed to build and sustain effective cybersecurity defenses.

State and Local Cybersecurity Grant Program (SLCGP) in detail

The SLCGP – designed by CISA, the federal agency that addresses cybersecurity for the government, to address the specific needs of state and local governments – becomes particularly relevant for resource-constrained communities. The program recognizes the challenges faced by cities, counties, and states, and allocates funding to tailor cybersecurity measures to their size and circumstances. This targeted approach aims to bridge the digital divide and help ensure that even the smallest and most rural entities can effectively protect their critical infrastructure.

Key Achievements and Impact of the SLCGP

The impact of the SLCGP on government cybersecurity will be pronounced in oft-forgotten rural areas because 80% of grant funds must flow into localities and 20% of that must reach underserved rural communities. By providing much-needed financial and functional support, the program is starting to enable cities and counties to implement cybersecurity measures that might otherwise be out of reach. Success stories are beginning to underscore the program's effectiveness, demonstrating tangible improvements in the cybersecurity posture of participating entities.

Challenges and future considerations

While the SLCGP is expected to achieve notable success, it's crucial to acknowledge the ongoing challenges faced by governments. Limited resources, a smaller talent pool, diverse IT environments, and the digital divide are factors that demand ongoing attention. The SLCGP and similar grant programs must remain attuned to these challenges.

What does CohnReznick think?

The importance of cybersecurity in local government systems is an enormous challenge in the U.S. grant programs, with a special emphasis on the State and Local Cybersecurity Grant Program, serve as vital instruments in supporting government jurisdictions to fortify their cyber defenses. The SLCGP's impact is becoming evident at the early stages of the journey with participating rural entities beginning to strengthen their cybersecurity posture, contributing to what will become a safer and more secure digital landscape for governments regardless of size or location.

In multiple states, CohnReznick’s engagement with the SLCGP has played a pivotal role in developing cybersecurity plans that enable states to secure SLCGP funding over the grant’s four-year funding horizon, which will help ensure that local and rural jurisdictions get state help in fortifying their critical IT and OT infrastructure, and reducing potential cyber intrusions. We are helping states write their five-year cybersecurity strategies, develop cyber fusion centers, and provide incident response outreach to their localities.  These success stories illuminate CohnReznick’s capabilities in grant management services for states and our cybersecurity strategy expertise for grantees, working in tandem to address the specific needs of their diverse communities.

CohnReznick’s strategy helps ensure that local government entities receive equitable support, helps them optimize the potential of the SLCGP, and enables them to tailor the grant to the needs of their local entities; this has been a key bridge in multiple states.

As we navigate the complexities of the digital age, it is imperative for state and local government officials to explore and leverage cybersecurity grant programs. By prioritizing cybersecurity and participating in grant programs, government entities can overcome unique challenges and contribute to the collective effort of building a resilient and secure digital future.