$1 billion for public sector security—act quickly
October 6, 2022
Great news: State, local and territorial governments can now apply for federal grants to upgrade cybersecurity. We believe these grants can bring significant improvements in security and resiliency—but public entities should move fast.
The deadline for applying for year-one grant funding is 5 pm ET on November 15, 2022. The Biden Administration also plans to unveil a separate grant program for tribal governments this fall.
The State and Local Cybersecurity Grant Program, administered by the Cybersecurity and Infrastructure Security Agency (CISA), represents one of the largest federal grant packages ever for state and local cybersecurity—and it comes at a great time. US, state and local governments experienced a 50% increase in cyberattacks from 2017 to 2020. At the same time, there's an extreme shortage in cybersecurity talent, with 2.7 million unfilled cybersecurity jobs globally.
Funding will be available from Q3 2022 through Q3 2026 and distributed yearly, and applicants must meet certain requirements. For example, applicants must be one of the 56 states and territories, submit a Cybersecurity Plan that aligns with the criteria (unless funding will be used to create the plan in year one) and have a Cybersecurity Planning Committee composed of specified members.
1) Get strategic. To access the funding, present a cybersecurity plan to CISA outlining how you will improve cybersecurity. The first year of funding can be used to create a statewide cybersecurity plan. If that's the case, plans must be submitted by September 30, 2023. The Cybersecurity Plan is a statewide planning document that must be approved by the Cybersecurity Planning Committee and the CIO/CISO equivalent. The Plan should be updated in FY24 and FY25 and should contain all of the specific items in the Required Elements section of Appendix C of the Notice of Funding Opportunity (NOFO).
The NOFO elements align with the National Institute of Standards and Technology (NIST) Cybersecurity Framework best practices (i.e., Identify, Protect, Detect, Respond and Recover). In addition, governance, risk and compliance and workforce development are important aspects. Also, since cybersecurity isn’t a ‘one and done’ activity, a key to success is the creation of a Cybersecurity Program Management Office (PMO) to orchestrate, implement, update and maintain the plan and assist with funds administration. Accenture has extensive experience in this area and can help with cybersecurity plan development and implementation, standing up and running PMOs and funds management.
2) Become resilient. Accenture’s State of Cybersecurity Resilience 2021 report found organizations can reduce the cost of breaches by up to 71% if they increase their performance to what we call ‘Cyber Champion’ levels. Common characteristics of Cyber Champions are that they gave CISOs a seat at the top table, became threat-centric, aligned cybersecurity to their organization’s business strategy and modernized legacy systems by taking advantage of cloud security solutions.
Specifically, when seconds matter, a swift and effective response is crucial. Incident Response Retainer and Managed Extended Detection and Response (MxDR) services are great ways to rapidly increase resiliency to cyberattacks. In addition, implementing disaster recovery and data backup strategies may reduce the impact of cyberattacks by enabling continued access to mission-critical public data and services during a breach.
3) Embed security. Make it a part of every initiative, including migration to cloud, applications and platform modernization. Cloud is and will be vital. The Accenture and National Association of State Chief Information Officers (NASCIO) Cloud Study found that as states responded to the COVID-19 pandemic, they accelerated the move to remote and hybrid workforces. Globally, 57% of public sector leaders feel that accelerating cloud adoption is mission critical. Cloud also takes center stage in the US Federal Government, with the FY22 National Defense Authorization Act (NDAA) allocating more than $44 billion for the Department of Defense to migrate to the cloud, including a directive for the US Space Force to brief Congress on how it will leverage cloud.
We applaud this emphasis on cloud. Public services organizations can take advantage of cloud-native security services to modernize security while migrating to the cloud, and Accenture can help with each step of the cloud journey. Our IT infrastructure is 95% in the public cloud and is costing us half as much as our legacy delivery models. We have a multi-cloud strategy and currently leverage Microsoft Azure, Amazon Web Services and Google Cloud Platform. Thus, cloud is a fiscally sensible option for public entities.
We can learn a lot about what is to come for public services organizations by looking at regulations and the movement to improve cybersecurity in the US Federal Government. In May 2021, the Executive Order on Improving the Nation’s Cybersecurity introduced the most sweeping cybersecurity reform ever. Three key themes in the executive order are: the requirement for all Federal agencies to adopt a Zero Trust Architecture; Software Supply Chain Security; and CISA's role in collaborating with states.
Ultimately, security is about people: protecting people, bringing people together and sharing knowledge and tools to collectively strengthen our defenses. By aligning cybersecurity with their goals and mission, state and local government agencies can save money and operate more efficiently while helping to protect citizen information and operations integrity.
This document is produced by consultants at Accenture as general guidance. It is not intended to provide specific advice on your circumstances. If you require advice or further details on any matters referred to, please contact your Accenture representative.
Copyright © 2022 Accenture. All rights reserved. Accenture, and its logo are trademarks of Accenture.