{"id":49591,"date":"2022-05-05T13:51:06","date_gmt":"2022-05-05T17:51:06","guid":{"rendered":"https:\/\/statescoop.com\/?p=49591"},"modified":"2022-05-05T14:55:17","modified_gmt":"2022-05-05T18:55:17","slug":"cyber-grants-states-infrastructure-law","status":"publish","type":"post","link":"https:\/\/statescoop.com\/cyber-grants-states-infrastructure-law\/","title":{"rendered":"CIOs plan for cyber grants, wait for CISA’s guidance"},"content":{"rendered":"\n

It’s been nearly six months since President Joe Biden signed a $1.2 trillion infrastructure law, stuffed with new funding for roadways, transit, ports, broadband and, of particular importance to state IT leaders, a bit of money for cybersecurity improvements.<\/p>\n\n\n\n

But even as some of the Infrastructure Investment and Jobs Act’s<\/a> programs have started flowing \u2014 like a $1.5 billion round for regional transportation projects<\/a> \u2014  state officials are still waiting for clarity on how the cyber grants will work, anticipating the moment when the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency will finally publish its guidance<\/a> on the $1 billion, four-year program.<\/p>\n\n\n\n

That guidance gap was a major topic of discussion this week when the National Association of State Chief Information Officers gathered in National Harbor, Maryland, just outside Washington. Over the past few months, CISA has revised its timeline on the cyber grant guidance when meeting with groups representing state<\/a> and local leaders<\/a>, all of whom want to know how they’ll have to apply for the funds, redistribute the bulk to their local subdivisions and report their progress.<\/p>\n\n\n\n

But with the first $200 million meant to be awarded before the federal government’s current fiscal year expires Sept. 30, states will have a very brief window to get their programs going, and there are many questions that still need answering.<\/p>\n\n\n\n

A ‘nightmare’<\/h4>\n\n\n\n

“Part of what we want to do as a state is understand where we are as a cybersecurity ecosystem,” Michigan CIO and Chief Security Officer Laura Clark said Tuesday during a NASCIO session.<\/p>\n\n\n\n

As written in the infrastructure law, the cyber grant program requires each state applying to craft a cybersecurity plan, approved by DHS, and put up a 10% financial match in the program’s first year \u2014 an amount that’s due to increase by 10 percentage points in each additional year. And 80% of all money has to flow down to localities, meaning statewide offices will have to establish funding mechanisms of their own, determine if they’ll ask those towns and counties to put up matching funds themselves and ensure compliance in how the grants are used.<\/p>\n\n\n\n

“We have a certain level of investment,” she said. “But trying to figure out if we can match at the state level, if we require to match at the local level, not only is it a struggle at the local level, it\u2019s also a nightmare at the state level with the reporting.”<\/p>\n\n\n\n

Michigan, Clark said, covers a landscape that runs from the rural fringes of the Upper Peninsula down to the urban and wealthy suburban areas around Detroit. That kind of geographic and economic diversity will require states to be cautious about how they fund local grant recipients.<\/p>\n\n\n\n

“Oakland County” \u2014 a Detroit suburb \u2014 “is one of the richest counties, they have a pretty advanced IT and security program,” she said. “We can\u2019t compare Oakland with a township in the UP.”<\/p>\n\n\n\n

And as Alex Whitaker, NASCIO’s director of government affairs, pointed out during the event, $1 billion spread across the entire United States over four years will be “a drop in the bucket” of what states truly need to improve their overall cybersecurity postures.<\/p>\n\n\n\n

‘One size fits all’ won’t fit<\/h4>\n\n\n\n

A CISA representative met with NASCIO members on Sunday during an off-the-record session, one of several meetings the agency and NASCIO have had since the infrastructure law passed. <\/p>\n\n\n\n

During Clark’s session Tuesday, members listed their expectations and desires for the program. Frequent points included reminding the federal agency that states need wide latitude in applying the grants, not a “one size fits all” approach, and whether state-provided network security services can count as a local grant use.<\/p>\n\n\n\n

“What we\u2019re asking CISA is if states can offer services to locals,” Clark said.<\/p>\n\n\n\n

When CISA does publish a notice of funding opportunity \u2014 now rumored for release sometime this summer \u2014 states will have 45 days to reply. Officials who spoke with StateScoop in National Harbor said they’re aiming to have their documented plans ready to go whenever that guidance drops.<\/p>\n\n\n\n

“We\u2019ve done a lot of research. We\u2019ve actually got a lot of programs in flight I think we can leverage to move Oklahoma forward,” Oklahoma CISO Matt Singleton<\/a> said. “I think we\u2019re going to be in pretty decent shape when the final guidance comes out.”<\/p>\n\n\n\n

‘Don’t expect everything’<\/h4>\n\n\n\n

But giving states flexibility in how they manage the grant programs will be the crucial piece, said Vinod Brahmapuram<\/a>, who recently resigned as Washington state’s CISO.<\/p>\n\n\n\n

“Every state is in a different maturity model,” he told StateScoop. “It\u2019s very important for CISA to allow the states latitude to really find out what is important. If CISA gets very prescriptive with their guidance, that can in fact work against the outcomes we want to get as part of this effort.”<\/p>\n\n\n\n

The cyber grant program’s first year, he said, will at best be a first step.<\/p>\n\n\n\n

“Don\u2019t expect the plans to be very detailed,” he said. “Ask: ‘What are they key issues I\u2019m going to solve?’ Then don\u2019t expect everything in the first dose.”<\/p>\n\n\n\n

Colin Wood contributed reporting.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

Six months after President Biden signed the infrastructure law, CIOs and CISOs still have many questions about the cyber grants new program.<\/p>\n","protected":false},"author":200,"featured_media":49602,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"disable_grayscale_images":true,"grayscale_contrast":0,"sponsored_content":false,"display_author_bio":true,"story_type":"","footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[4677,20646],"tags":[23448,23311,23011,16538,15246,14703,5857,5776],"people":[],"special-report":[],"authors":[4697],"class_list":["post-49591","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-state","category-cybersecurity","tag-nascio-22","tag-cyber-grant-program","tag-infrastructure-investment-and-jobs-act","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-matt-singleton","tag-laura-clark","tag-vinod-brahmapuram","tag-national-association-of-state-chief-information-officers-nascio","author-benjamin-freed"],"yoast_head":"\nCIOs plan for cyber grants, wait for CISA's guidance | StateScoop<\/title>\n<meta name=\"description\" content=\"Six months after President Biden signed the infrastructure law, CIOs and CISOs still have many questions about the cyber grants new program.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/statescoop.com\/cyber-grants-states-infrastructure-law\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CIOs plan for cyber grants, wait for CISA's guidance | StateScoop\" \/>\n<meta property=\"og:description\" content=\"Six months after President Biden signed the infrastructure law, CIOs and CISOs still have many questions about the cyber grants new program.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/statescoop.com\/cyber-grants-states-infrastructure-law\/\" \/>\n<meta property=\"og:site_name\" content=\"StateScoop\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/StateScoop\/\" \/>\n<meta property=\"article:published_time\" content=\"2022-05-05T17:51:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-05-05T18:55:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2022\/05\/matt-singleton-2022-midyear-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2000\" \/>\n\t<meta property=\"og:image:height\" content=\"1124\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Benjamin Freed\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@brfreed\" \/>\n<meta name=\"twitter:site\" content=\"@State_Scoop\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/statescoop.com\/cyber-grants-states-infrastructure-law\/\",\"url\":\"https:\/\/statescoop.com\/cyber-grants-states-infrastructure-law\/\",\"name\":\"CIOs plan for cyber grants, wait for CISA's guidance | StateScoop\",\"isPartOf\":{\"@id\":\"https:\/\/statescoop.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/statescoop.com\/cyber-grants-states-infrastructure-law\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/statescoop.com\/cyber-grants-states-infrastructure-law\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2022\/05\/matt-singleton-2022-midyear-1.jpg\",\"datePublished\":\"2022-05-05T17:51:06+00:00\",\"dateModified\":\"2022-05-05T18:55:17+00:00\",\"description\":\"Six months after President Biden signed the infrastructure law, CIOs and CISOs still have many questions about the cyber grants new program.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/statescoop.com\/cyber-grants-states-infrastructure-law\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/statescoop.com\/cyber-grants-states-infrastructure-law\/#primaryimage\",\"url\":\"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2022\/05\/matt-singleton-2022-midyear-1.jpg\",\"contentUrl\":\"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2022\/05\/matt-singleton-2022-midyear-1.jpg\",\"width\":2000,\"height\":1124,\"caption\":\"Oklahoma CISO Matt Singleton (Scoop News Group)\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/statescoop.com\/#website\",\"url\":\"https:\/\/statescoop.com\/\",\"name\":\"StateScoop\",\"description\":\"Latest news and events in state and local government technology\",\"publisher\":{\"@id\":\"https:\/\/statescoop.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/statescoop.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/statescoop.com\/#organization\",\"name\":\"StateScoop\",\"url\":\"https:\/\/statescoop.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/statescoop.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2023\/01\/StateScoop-Black.png\",\"contentUrl\":\"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2023\/01\/StateScoop-Black.png\",\"width\":1470,\"height\":186,\"caption\":\"StateScoop\"},\"image\":{\"@id\":\"https:\/\/statescoop.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/StateScoop\/\",\"https:\/\/x.com\/State_Scoop\",\"https:\/\/www.linkedin.com\/company\/statescoop\/\",\"https:\/\/www.youtube.com\/@StateScoop\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"CIOs plan for cyber grants, wait for CISA's guidance | StateScoop","description":"Six months after President Biden signed the infrastructure law, CIOs and CISOs still have many questions about the cyber grants new program.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/statescoop.com\/cyber-grants-states-infrastructure-law\/","og_locale":"en_US","og_type":"article","og_title":"CIOs plan for cyber grants, wait for CISA's guidance | StateScoop","og_description":"Six months after President Biden signed the infrastructure law, CIOs and CISOs still have many questions about the cyber grants new program.","og_url":"https:\/\/statescoop.com\/cyber-grants-states-infrastructure-law\/","og_site_name":"StateScoop","article_publisher":"https:\/\/www.facebook.com\/StateScoop\/","article_published_time":"2022-05-05T17:51:06+00:00","article_modified_time":"2022-05-05T18:55:17+00:00","og_image":[{"width":2000,"height":1124,"url":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2022\/05\/matt-singleton-2022-midyear-1.jpg","type":"image\/jpeg"}],"author":"Benjamin Freed","twitter_card":"summary_large_image","twitter_creator":"@brfreed","twitter_site":"@State_Scoop","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/statescoop.com\/cyber-grants-states-infrastructure-law\/","url":"https:\/\/statescoop.com\/cyber-grants-states-infrastructure-law\/","name":"CIOs plan for cyber grants, wait for CISA's guidance | StateScoop","isPartOf":{"@id":"https:\/\/statescoop.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/statescoop.com\/cyber-grants-states-infrastructure-law\/#primaryimage"},"image":{"@id":"https:\/\/statescoop.com\/cyber-grants-states-infrastructure-law\/#primaryimage"},"thumbnailUrl":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2022\/05\/matt-singleton-2022-midyear-1.jpg","datePublished":"2022-05-05T17:51:06+00:00","dateModified":"2022-05-05T18:55:17+00:00","description":"Six months after President Biden signed the infrastructure law, CIOs and CISOs still have many questions about the cyber grants new program.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/statescoop.com\/cyber-grants-states-infrastructure-law\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/statescoop.com\/cyber-grants-states-infrastructure-law\/#primaryimage","url":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2022\/05\/matt-singleton-2022-midyear-1.jpg","contentUrl":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2022\/05\/matt-singleton-2022-midyear-1.jpg","width":2000,"height":1124,"caption":"Oklahoma CISO Matt Singleton (Scoop News Group)"},{"@type":"WebSite","@id":"https:\/\/statescoop.com\/#website","url":"https:\/\/statescoop.com\/","name":"StateScoop","description":"Latest news and events in state and local government technology","publisher":{"@id":"https:\/\/statescoop.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/statescoop.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/statescoop.com\/#organization","name":"StateScoop","url":"https:\/\/statescoop.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/statescoop.com\/#\/schema\/logo\/image\/","url":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2023\/01\/StateScoop-Black.png","contentUrl":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2023\/01\/StateScoop-Black.png","width":1470,"height":186,"caption":"StateScoop"},"image":{"@id":"https:\/\/statescoop.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/StateScoop\/","https:\/\/x.com\/State_Scoop","https:\/\/www.linkedin.com\/company\/statescoop\/","https:\/\/www.youtube.com\/@StateScoop"]}]}},"parsely":{"version":"1.1.0","canonical_url":"https:\/\/statescoop.com\/cyber-grants-states-infrastructure-law\/","smart_links":{"inbound":0,"outbound":0},"traffic_boost_suggestions_count":0,"meta":{"@context":"https:\/\/schema.org","@type":"NewsArticle","headline":"CIOs plan for cyber grants, wait for CISA’s guidance","url":"http:\/\/statescoop.com\/cyber-grants-states-infrastructure-law\/","mainEntityOfPage":{"@type":"WebPage","@id":"http:\/\/statescoop.com\/cyber-grants-states-infrastructure-law\/"},"thumbnailUrl":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2022\/05\/matt-singleton-2022-midyear-1.jpg?w=150&h=150&crop=1","image":{"@type":"ImageObject","url":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2022\/05\/matt-singleton-2022-midyear-1.jpg"},"articleSection":"State","author":[{"@type":"Person","name":"Benjamin Freed","url":"https:\/\/statescoop.com\/author\/benjamin-freed\/"}],"creator":["Benjamin Freed"],"publisher":{"@type":"Organization","name":"StateScoop","logo":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2023\/01\/cropped-ss_favicon.png"},"keywords":["cyber grant program","cybersecurity and infrastructure security agency (cisa)","infrastructure investment and jobs act","laura clark","matt singleton","nascio 22","national association of state chief information officers (nascio)","vinod brahmapuram"],"dateCreated":"2022-05-05T17:51:06Z","datePublished":"2022-05-05T17:51:06Z","dateModified":"2022-05-05T18:55:17Z"},"rendered":"<script type=\"application\/ld+json\" class=\"wp-parsely-metadata\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@type\":\"NewsArticle\",\"headline\":\"CIOs plan for cyber grants, wait for CISA’s guidance\",\"url\":\"http:\\\/\\\/statescoop.com\\\/cyber-grants-states-infrastructure-law\\\/\",\"mainEntityOfPage\":{\"@type\":\"WebPage\",\"@id\":\"http:\\\/\\\/statescoop.com\\\/cyber-grants-states-infrastructure-law\\\/\"},\"thumbnailUrl\":\"https:\\\/\\\/statescoop.com\\\/wp-content\\\/uploads\\\/sites\\\/6\\\/2022\\\/05\\\/matt-singleton-2022-midyear-1.jpg?w=150&h=150&crop=1\",\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/statescoop.com\\\/wp-content\\\/uploads\\\/sites\\\/6\\\/2022\\\/05\\\/matt-singleton-2022-midyear-1.jpg\"},\"articleSection\":\"State\",\"author\":[{\"@type\":\"Person\",\"name\":\"Benjamin Freed\",\"url\":\"https:\\\/\\\/statescoop.com\\\/author\\\/benjamin-freed\\\/\"}],\"creator\":[\"Benjamin Freed\"],\"publisher\":{\"@type\":\"Organization\",\"name\":\"StateScoop\",\"logo\":\"https:\\\/\\\/statescoop.com\\\/wp-content\\\/uploads\\\/sites\\\/6\\\/2023\\\/01\\\/cropped-ss_favicon.png\"},\"keywords\":[\"cyber grant program\",\"cybersecurity and infrastructure security agency (cisa)\",\"infrastructure investment and jobs act\",\"laura clark\",\"matt singleton\",\"nascio 22\",\"national association of state chief information officers (nascio)\",\"vinod brahmapuram\"],\"dateCreated\":\"2022-05-05T17:51:06Z\",\"datePublished\":\"2022-05-05T17:51:06Z\",\"dateModified\":\"2022-05-05T18:55:17Z\"}<\/script>","tracker_url":"https:\/\/cdn.parsely.com\/keys\/statescoop.com\/p.js"},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2022\/05\/matt-singleton-2022-midyear-1.jpg","distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"StateScoop","distributor_original_site_url":"https:\/\/statescoop.com","push-errors":false,"_links":{"self":[{"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/posts\/49591","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/users\/200"}],"replies":[{"embeddable":true,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/comments?post=49591"}],"version-history":[{"count":7,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/posts\/49591\/revisions"}],"predecessor-version":[{"id":49603,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/posts\/49591\/revisions\/49603"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/media\/49602"}],"wp:attachment":[{"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/media?parent=49591"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/categories?post=49591"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/tags?post=49591"},{"taxonomy":"people","embeddable":true,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/people?post=49591"},{"taxonomy":"special-report","embeddable":true,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/special-report?post=49591"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/authors?post=49591"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}