Governor Kathy Hochul on Friday released the New York State Cybersecurity Grant Plan, which details a whole-of-state approach to reduce cyber risk and build cyber resiliency in local governments statewide. Through the utilization of nearly $6 million in funding through the federal State and Local Cybersecurity Grant Program, this grant program will expand access to cybersecurity information, tools, resources, and services so that public sector entities in New York have access to the most sophisticated cyber defenses. Given the funding available, New York will use its economy of scale purchasing power to directly procure and deliver best-in-brand software, hardware, and services to eligible entities.
“A cyberattack can halt an entire community, and it’s essential that local governments have the resources and information needed to protect themselves and quickly respond to a cyber threat,” Governor Hochul said. “This funding will provide tools to help municipalities secure critical infrastructure to protect New Yorkers and reduce cyber risks.”
As part of the federal Infrastructure Investment and Jobs Act of 2021, Congress established the State and Local Cybersecurity Grant Program (SLCGP) to award funding to each state to help eligible entities address cybersecurity risks and threats to information systems owned or operated by or on behalf of State, local, tribal, and territorial governments. The SLCGP FY2022 funding allocation for New York is $5,810,605, and at least 80 percent of the funds will be allocated to goods and services for local government entities, with at least 25 percent of that allocated to entities in rural areas.
To ensure the maximum number of New York entities can benefit from the limited SLCGP funds, New York will directly procure software, hardware, and services for delivery to eligible entities. During the program’s first year, New York State is focusing on shared services initiatives to help local government entities build a baseline level of cybersecurity. These initiatives are:
- Multi-Factor Authentication (MFA): MFA is a method to authenticate a user that requires them to provide two or more verification factors so they can gain access to a resource. New York will provide hardware and/or software tokens and professional services that eligible entities can use to implement MFA in their technology environments.
- Cybersecurity Certification Scholarship: New York will provide scholarships for select employees from eligible entities who currently have roles or responsibilities related to information technology, information security, cybersecurity, data privacy, and/or data security to achieve an industry-recognized cybersecurity certification.
- Cybersecurity Awareness Training: New York will provide online cybersecurity awareness training for eligible entities for their employees.
Eligible entities can indicate their interest in participating in one or more of the shared services offerings by completing the SLCGP Interest Form. Responses to this form will help the state appropriately plan to address statewide needs utilizing FY2022 funding in Year 1 of the program. A formal application process will commence later this year. Application information will be made available on the Division of Homeland Security and Emergency Services’ Grant Programs webpage.
