Local governments on the receiving end of Federal state and local cybersecurity grants are getting a case of heartburn from the process, as they may end up receiving services from state governments, but not much cash.
The State and Local Cybersecurity Grant Program funded by last year’s Bipartisan Infrastructure Law is steering $1 billion to states, territories and tribes to improve their cybersecurity environment over the next four years. Notably, states are required to pass along 80 percent of the funds to local governments – providing them a much needed, and much appreciated bounty.
The problem for local governments is the currency that the grants take.
Most states, said Amy Hille Glasscock, Program Director for Innovation and Emerging Issues at the National Association of State Chief Information Officers (NASCIO), are choosing to pass along the support to local governments, “but do so by offering ‘services’ to local governments rather than cash payments, which is of course allowed in the bill.”
Glasscock and Polly Hall, senior advisor to the Chief Procurement Officer at the Department of Homeland Security, explained those practical realities of the SLG grant funding program at a March 7 event organized by Nextgov and GCN.
New Federal guidance and executive orders have placed particular emphasis on the critical need to modernize governments’ operations and services, but the priority goes well beyond directives. This recent influx of unprecedented funding initiatives provides SLG leaders with the necessary resources to translate modernization goals into reality. Or so they say …
As a frequent observer of the state and local government relationship ‘lo these many years, Glasscock’s remarks gave me pause. It has often been problematic for intergovernmental sharing of data, let alone sharing dollars.
And while the law’s description of these ‘services instead of cash’ – including cybersecurity assessments, training, and the application of other basic cyber hygiene practices – is extensive and valuable, it may not suffice.
And while Glasscock said “they constitute a holistic approach to cybersecurity that should improve the defense posture of local governments and ensure that the money goes as far as possible,” that may still fall short. That’s because, in the locals’ minds, nothing beats cold, hard cash.
Nonetheless, I thought I would test my hypothesis with “Mr. Local Government,” our good friend Alan Shark, executive director of the Public Technology Institute, part of CompTIA. PTI supports local government officials through research, education, professional development, executive-level consulting services, and national recognition programs.
Shark has been a local government guru for more than a quarter century – one who steadfastly keeps his finger on the pulse of all things local.
When asked for his opinion on the grant funding, Shark did not hesitate, “As you might imagine, this is not what local governments had expected. From the 60,000-mile height level it might make sense – but locals were planning on receiving help which might only come indirectly.”
“This program is a huge disappointment and is way too top-down and divorced from reality in multiple ways,” Shark said.
As we’ll see, this situation is still developing.