COMMENTARY
Since the pandemic forced unprecedented adoption of remote access and delivery of government services, telehealth, and education, cybersecurity has rapidly shot to the top of priority lists for IT leaders. What was once a shiny object that agencies didn’t have the resources to implement is now mission critical. However, governments are grappling with several challenges in upgrading cyber defenses to match today’s elevated threat landscape.
The public sector faces incredible data sprawl across departments including law enforcement, health agencies, and city services. With sensitive information subject to regulations like the Health Insurance Portability and Accountability Act (HIPAA), endpoint devices used by all government employees, and remote access to government IT infrastructure, governments need comprehensive data and access security. If data maintained by government agencies is accessed or becomes compromised, the consequences can be catastrophic. Migrating data to secure cloud platforms has helped consolidate repositories, but shoring up network transitions and multiple security layers remains a challenge.
Limited budgets, overstretched IT staff, and a shortage of available cybersecurity workforce hinder the procurement of updated tools and security talent. SHI’s recent study on public sector cybersecurity shows budgets are growing modestly, with 47% seeing increases of some kind in the next fiscal year. However, the modest growth in funding is usually not enough to fully address needs. Only 17.7% of public sector IT leaders leverage federal grants to help bridge the cybersecurity gap.
Government agencies can access supplemental funding in the form of grants to expand their cybersecurity programs and better protect the services they provide and their constituents’ data.
Identifying Supplementary Funding Options
The Infrastructure Investment and Jobs Act (IIJA) demonstrates a recognition of the importance of improving cybersecurity in the public sector through a $1 billion investment. FEMA, the Department of Homeland Security (DHS), and the Department of Justice (DoJ) have expanded the eligible expenditures of several grant programs to include cybersecurity. ARPA State and Local Fiscal Relief Funds (SLFRF) may be used for government services up to the amount of documented revenue loss due to COVID.
The final rule offers a standard allowance for revenue loss of $10 million, allowing recipients to select between a standard amount of revenue loss or complete a full revenue loss calculation. Government services include, but are not limited to, modernization of cybersecurity, including hardware, software, and protection of critical infrastructure.
Many states also have their own cybersecurity funding programs available to state and local governments. Despite the availability, many agencies haven’t taken advantage of supplemental funding opportunities — 45.6% report needing help understanding which grants they qualify for, and 44.9% need help understanding available grants. Private partners can help identify potential grants for technology initiatives in public sector agencies and help those agencies to understand and apply for those grants. In many cases, there are security control prerequisites for winning these grants. Making those initial cyber-hygiene improvements is a great first step toward future success and positions an organization well to implement new tools if it is awarded the grant.
Prioritizing Investments
Once an organization has access to grant funding, the question is which issue to tackle first, and there are usually many. According to 63.9% of the survey respondents, the biggest challenge is managing the growing complexity of devices, workloads, and identities. Agencies should be spending any funding they receive to solve those problems first.
This is where identity access management (IAM) and cloud security tools, along with response plans, can be particularly useful to local and state agencies. In fact, the top areas of expected increased investment for local and state agencies are IAM (26.7%), cyber-incident response plans (24.7%), cloud security (34.7%), and email security (33.3%).
These tools are common in the private sector, but the challenges they’re solving are quite different. The scope is much larger in the public sector, where all constituents are served by government agencies with critical services, so security must be prioritized above all else just to keep the lights on. Instead of one company and its customers, every single person in a given region is affected by the security of its government.
Getting Started
Billions of dollars are available through grants to address the technology needs of the public sector. Grants can serve as an excellent supplemental funding option for government agencies looking to strengthen their cybersecurity posture. Grant funding and a thoughtful strategy can help public sector agencies become resilient and withstand today’s threat landscape.
Partners can help these agencies navigate the available funding options, achieve the prerequisites for acquiring grants, and suggest the best areas for investment that would make the biggest impact on improving their cybersecurity posture.
The public sector is increasingly in threat actors’ crosshairs, as evidenced by attacks on and a children’s hospital in Chicago that was knocked offline. There may not be a silver bullet that protects all these agencies and organizations, but with the help of grant funding, they can better defend themselves and their constituents as the threat landscape becomes more dangerous than ever.
https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt170959d4958bf5aa/663cd502934d6ffa56b9fcb6/Grant_Igor_Stevanovic_Alamy.jpg?disable=upscale&width=1200&height=630&fit=crop