There’s good news and there’s bad news.
Let’s explore the ins and outs of the federal government’s new State and Local Cybersecurity Program (SLCGP). From the details and requirements of the program to how your district might benefit, we’ll walk you through all you need to know about the opportunity.
In November 2021, President Biden signed a $1.2 trillion Infrastructure Investment and Jobs Act — better known as the Bipartisan Infrastructure Law. The bill gave state and local governments resources through which they could improve roads, bridges, broadband, and other essential components of their infrastructure.
Through this legislation, Congress also established the State and Local Cybersecurity Grant Program. It’s a first-of-its-kind initiative that empowers the federal government to make targeted cybersecurity improvements within state, local, and territory government agencies. A total of $1 billion will be distributed over the next four years.
Okay — so what does this mean for your school district? How does this involve K-12 education?
According to K-12 Dive, schools cannot directly apply for the program. However, they can work with state and local governments to acquire funding. Per the SLCGP’s fact sheet, local governments are defined by law as a county, municipality, city, town, township, local public authority, or a school district. Likewise, a minimum of 80% of the state allocations must be passed down to the local level (i.e., school districts and other local entities).
That means schools can still access federal funding, albeit with a few caveats.
All 56 states and territories, including the District of Columbia, Commonwealth of Puerto Rico, U.S. Virgin Islands, Guam, American Samoa, and Northern Mariana Islands are eligible to apply. However, only state agencies are able to submit the application.
According to the Department of Homeland Security, the program has four objectives it requires of every applicant. Each one is meant to serve the overall purpose of assisting state and local governments (school districts included) with reducing cyber risk. Applicants must demonstrate in their application how they will:
The Bipartisan Infrastructure Law requires grant recipients to complete certain steps after receiving a grant:
The program has strict rules about how grant money can and cannot be used. K12 SIX, a national nonprofit dedicated to the advancement of K-12 cybersecurity, breaks down the conditions in simple terms:
For fiscal year 2022 — the first year in the program’s existence — a total of $185 million is available through the SLCGP.
You may be wondering: What’s the point of the SLCGP? Why was the program created in the first place?
Here’s how the Department of Homeland Security puts it in their Notice of Funding Opportunity:
“Our nation faces unprecedented cybersecurity risks, including increasingly sophisticated adversaries, widespread vulnerabilities in commonly used hardware and software, and broad dependencies on networked technologies for the day-to-day operation of critical infrastructure. Cyber risk management is further complicated by the ability of malicious actors to operate remotely, linkages between cyber and physical systems, and the difficulty of reducing vulnerabilities.”
Simply put, cybercrime is surging. And virtually no other sector is targeted more frequently than K-12 education. According to Microsoft Security Intelligence, education accounts for over 80% of malware encounters in the past 30 days. That’s more than retail, healthcare, and telecommunications combined.
As high-profile cybersecurity incidents like the Los Angeles Unified School District’s ransomware attack demonstrate, public schools are constantly under siege from malicious hackers. And with the majority of districts operating in the cloud, the attack surface is only growing larger.
Think about it: For every student in your district, they may have several accounts linked to your domain, all spread out across several personal and school-provided devices. That means it’s becoming increasingly more difficult for school IT departments to secure sensitive data inside the district. Even the FBI is warning schools to take a closer look at their cybersecurity policies.
To make matters worse, many districts are struggling to keep up with the rapidly changing pace of cloud security. Why? A variety of factors may be to blame:
To boil it down, schools lack the means to keep sensitive data under lock and key. That’s exactly what the SLCGP aims to do. The grant program represents an important opportunity for unfunded schools to seize cloud security solutions that can help them better protect their students from digital harm.
As previously mentioned, schools themselves cannot directly apply for funding. Also, the deadline of the first application period ended on November 15 — just two months after the launch of the program.
Nonetheless, there are still steps schools can take to make sure they benefit from the available funding. It’s important that school administrators understand the process and know exactly how they can rally support from their state governments.
First, if you haven’t done so already, proactively reach out to your state’s Chief Information Security Officer (CISO). Engaging with your state CISO will allow you to learn more about their plans to apply and/or implement SLCGP funds. Most significantly, you can discuss how those funds will be used to benefit your school district.
Check out a list of all state CIOs here.
It’s important to note that the program requires each state applicant to include at least one representative from relevant stakeholders, including public education. In other words, chances are your state likely already has someone representing your interests. Because ultimately it’s up to the state to determine how funds are allocated, it’s a good idea to be involved in this process and let your voice be heard.
Meanwhile, there are tangible steps you can take in terms of cybersecurity. The SLCGP seeks to advance the implementation of several best practices:
Schools are encouraged to implement these best practices wherever possible. For instance, schools should audit their cloud domains to identify any unsupported or unsanctioned cloud apps that may pose a risk to sensitive data.
These steps should help you benefit from SLCGP funds during the next application period.
Hopefully, some much needed extra funding is headed your way. And if it is, you’re going to need to figure out the best way to spend it.
Here’s an idea: Why not deploy a proper cloud security platform? EdWeek Research tells us that the majority of schools aren’t allocating their budgets to protecting cloud applications. With the right choice of solution, you can safeguard data and multiply the power of your security team.
Here’s what to look for in a cloud security platform:
Don’t let cloud security fall through the cracks. Request your free cloud security audit and gain peace-of-mind over the holidays with a free cloud security trial by ManagedMethods today.