State and Local Cybersecurity Grant Program

Through the Infrastructure Investment and Jobs Act (IIJA) of 2021, Congress established the State and Local Cybersecurity Improvement Act, which established the State and Local Cybersecurity Grant Program, appropriating $1 billion to be awarded over four years.

Funding for each state is calculated using a formula determined by the federal Cybersecurity and Infrastructure Security Agency (CISA). Georgia expects to receive almost $5 million for FY 2022. The grant requires matching funds, set at 10% for FY 2022 and increasing to 40% by FY 2025.

For states, a majority of grant funding is focused on local government cybersecurity:

• At least 80% of grant funds must benefit local governments
• Of that 80% share, at least 25% must benefit rural areas.

These requirements can be met using a direct passthrough of funds and/or, with their consent, spent on cyber capabilities provided on behalf of local governments.

Grant funds can be used to meet four objectives:

• Develop and establish appropriate governance structures, including developing, implementing, or revising cybersecurity plans, to improve capabilities to respond to cybersecurity incidents and ensure continuity of operations.
• Understand their current cybersecurity posture and areas for improvement based on continuous testing, evaluation, and structured assessments.
• Implement security protections commensurate with risk.
• Ensure organization personnel are appropriately trained in cybersecurity, commensurate with responsibility.

Applying for cybersecurity grant funds

CISA announced specifics about the grant program on September 16, 2022.

As required, Georgia has established a State Cybersecurity Planning Committee, which is chaired by the Interim State Chief Information Security Officer and includes representatives of local governments and other public entities across the state.