Florida and South Dakota are the only two states in the United States that have refused to apply for millions in federal funding to address cybersecurity issues, according to a new report from The Record, the news outlet of threat intelligence provider Recorded Future.
$1 Billion for Cybersecurity
Late last year, the federal government earmarked a $1 billion pot of grant money for state, local and territorial governments to defend themselves against cyberattacks. After $185 million dispersed in the first year, $400 million will be doled out in year two, followed by $300 million in year three and $100 million in year four.
Eligible states and territories had until late November to apply for the funds, which were widely welcomed to help state and local governments fight cyber crime.
Some states and territories have said they will use the funds to flesh out cyber staff. Others have pointed to uplifting their infrastructure to better defend their state and local government entities. Lower-level government agencies and public sector entities, typically lacking the necessary resources to fully combat cyber crime, have become prime targets for hackers in extortion plots to steal money and exfiltrate data.
The new funding, which springs from the 2021 State and Local Cybersecurity Improvement Act, is intended to assist state, local and territorial governments to enact plans and programs tailored for their own needs.
Florida, South Dakota Take a Pass
Both Florida and South Dakota cited administrative issues as well as no need for the money.
“We would have loved to see all 56 states and territories apply for their allocation. Unfortunately, two opted not to apply for that allocation in year one on principle,” CISA deputy assistant director of stakeholder engagement Trent Frazier said at an event in January, The Record reported. “We will certainly invite them to apply again in year two because we believe that across the country, there are needs that need to be addressed and this is a viable program to ensure that our local communities and our states have resources to address those needs."
While Frazier didn’t name the two states that opted out at the time, he subsequently confirmed that Florida and South Dakota did not apply.
Florida’s Florida Digital Service told The Record that the state objected to what it called “invasive and bureaucratic requirements” in the funding application while also contending the money wasn’t needed. Florida has already created its own $30 million grant program for local governments to strengthen their cybersecurity abilities, increased pay for cybersecurity employees, allocated money for cybersecurity training and a risk assessment of the state’s critical infrastructure, a spokesperson told The Record.
As for South Dakota, a spokesperson for Governor Kristi Noem told The Record that the state has already allocated $30 million for a cybersecurity applied research lab at Dakota State University. As had Florida, South Dakota contended that the application placed on it “substantial administrative burdens” and the current structure “only gives temporary funding.”
How the Grant Programs Help
The State and Local Cybersecurity Grant Program (SLCGP) and the Tribal Cybersecurity Grant Program (TCGP) helps eligible entities address cybersecurity risks and threats to information systems owned or operated by or on behalf of state, local and territorial governments. Through two distinct Notice of Funding Opportunities, the money will be allocated over four years to support projects throughout the performance period.
Territorial grant money will be released after the state and local funding, as will be the case throughout the four years. States with plans approved by the Cybersecurity and Infrastructure Security Agency (CISA) could land at least $2 million for cybersecurity projects. At the state level, governments are required to distribute at least 80% of their grant funding to local and rural communities and at least 3% to tribal governments.
The Department of Homeland Security (DHS) will implement the state and local grant program through CISA and the Federal Emergency Management Agency (FEMA). CISA will serve as the subject-matter expert in cybersecurity related issues. FEMA will provide grant administration and oversight for appropriated funds, including award and allocation of funds to eligible entities, financial management and oversight of funds execution.