Cybersecurity Funding Opportunities for State and Local Governments
Adhering closely to the U.S. federal government’s top legislative priorities for 2022, state chief information officers (CIO’s) have once again ranked cybersecurity as their top priority for 2022, following an already established decade-long trend in this direction.
Cybersecurity has become increasingly more important to state and local governments since the start of the pandemic, as cybercriminals have leveraged governments’ digital and remote transition to their advantage. For instance, ransomware attacks and identity fraud are on the rise due to ease of accessibility of personal data and low endpoint security. As state and local governments continue to utilize online delivery for public services, they will need to ensure they have the proper identification verification tools and upgrade outdated legacy systems that are not equipped to handle security threats.
As the whole-of-government approach to strengthening the nation’s cybersecurity defenses continues to be a top priority, these security investments will be a pivotal component to risk mitigation and resilience for the state and local market.
When analyzing funding opportunities for cybersecurity investments, in addition to annual state budget allocations, we’ve identified two additional funding sources for states to leverage for their security investments: The American Rescue Plan Act (ARPA) of 2021 and the Infrastructure Investment and Jobs Act (IIJA).
On March 11, 2021, President Joe Biden signed the $1.9 trillion ARPA, to aid public health and economic recovery from the COVID-19 pandemic. The plan allocates $195.3 billion to the states, and an additional $130.2 billion to local governments and authorities. Funds must be allocated by December 2024 and spent by December 2026. The law allows state, local and education (SLED) organizations to designate cybersecurity modernization as a suitable use of ARPA funding to enhance security programs and resilience. There are two eligible use categories that allow for cybersecurity investments:
- Revenue Loss: funds that would have gone toward helping states recoup pandemic-induced lost revenue can instead be redirected toward projects that modernize cybersecurity hardware and software, or protect critical infrastructure
- Water, Sewer and Broadband Infrastructure: ARPA also provides the Environmental Protection Agency (EPA) with funds that allow states to allocate dollars towards meeting cybersecurity needs that protect water and sewer infrastructure. It’s also important to note that some of the broadband modernization dollars in ARPA and the infrastructure legislation are addressable to cybersecurity vendors.
Another pocket of funding that states can tap into to fund cybersecurity projects is IIJA, signed into law by President Biden on November 15, 2021. IIJA provides $1 billion in grants towards cybersecurity enhancements for state and local government information systems. These funds will be dispersed over the next four years in the following increments: $200 million in 2022, $400 million in 2023, $300 million in 2024 and $100 million in 2025. The cybersecurity grant program requires a state match and the submission of a Cybersecurity Plan by September 30, 2023, which reflects a comprehensive understanding of relevant cybersecurity control methods and applications.
Understanding your SLED customer’s cybersecurity landscape and working with them to assess their existing capabilities and challenges is essential in determining which services, tools and products will be most beneficial. Fortunately, the wide-ranging list of allowable ARPA fund uses provide ample IT investment opportunities. These funds may support both near- and long-term investment in cybersecurity practices, updating old enterprise legacy systems that are unequipped to handle modern threats, moving to the cloud for enhanced data storage, or employee training services and platforms that can help build a stronger and more resilient security platform. Although the infrastructure bill is smaller in fiscal scope, it will also create areas of immediate IT opportunity for cybersecurity vendors and has the potential to spur long-term state and local cybersecurity modernization investment efforts.
Both the ARPA and the bipartisan IIJA deal underscore the consistency of the national agenda to continue its prioritization of cybersecurity enhancements. Furthermore, as states and local entities heeded caution with regards to their fiscal commitments in 2021, many states will have entered their fiscal year 2022 in a budget surplus, which will allow for more flexibility in terms of cybersecurity allocations. Since states will be more able to dedicate funding to long-term and costlier initiatives, technology vendors have a unique opportunity to help customers create long-term technology investments that will strengthen their security posture and help them become more resilient both now and in the future.
To get more TD SYNNEX Public Sector Market Insight content, please visit our Market Intelligence microsite.
About the Author:
Yvonne Maffia is the senior analyst on the TD SYNNEX Public Sector Market Insights team covering State and Local trends across the Public Sector.
Related Blog Posts
Application Lifecycle, Education, Market Intelligence, State & Local Government
According to data contained in a recent study from Pediatrics, the official scientific journal of the American Academy of Pediatrics, the number of school shootings in the United States has increased dramatically every year since the 2017-2018 school year. At the same time, school mass shootings have become increasingly deadly. Given this trend and the risk posed by security threats to students and faculty, school districts are desperate to find solutions to improve school security.
Gabriel Zighelboim
Big Data & Analytics, Market Intelligence, State & Local Government
Since 2023, we have seen an explosion in the number of state data privacy laws, demonstrating a clear focus amongst state governments in data privacy. In fact, according to the National Conference of State Legislatures, “at least 40 states and Puerto Rico introduced or considered at least 350 consumer privacy bills in 2023.” These data privacy laws create protections for a range of several types of data, from general consumer data protections to specific protections for health data and minor data.
Gabriel Zighelboim
Cybersecurity, Federal Government, Market Intelligence, State & Local Government
The 2024 United States presidential election is rapidly approaching, and state and local governments are focusing their efforts on bolstering election security and ensuring the proper safeguards are in place.
Yvonne Maffia
Cybersecurity, Federal Government, Market Intelligence, State & Local Government
The 2024 United States presidential election is rapidly approaching, and state and local governments are focusing their efforts on bolstering election security and ensuring the proper safeguards are in place.
Yvonne Maffia
Cloud Computing, Cybersecurity, Market Intelligence
Originally passed in 2014, the Federal Information Technology Acquisition Reform Act (FITARA) was designed to improve the management of all-things-IT across federal agencies. It essentially realigned how the government purchases and updates its technology, with an aim at grading agencies based on their ability to adhere to and improve on the following categories:
Susanna Patten
Market Intelligence, State & Local Government, Technology
The start of a new year often brings uncertainties; but in 2024 one thing is for certain—artificial intelligence (AI) is top of mind nationwide and is expected to have a transformational impact on our society both now and in the future.
Yvonne Maffia
Big Data & Analytics, Market Intelligence, State & Local Government
The year 2024 is just around the corner, and with a new year typically comes new priorities. However, some things, like digital government, are here to stay. Improving the Citizen Experience will continue to be a top priority both now and, in the future, as the modern world emphasizes the importance of personalized services that provide agility, accountability, transparency, equity, efficiency, adaptability.
Prioritizing Citizen Experience
Yvonne Maffia
Market Intelligence, State & Local Government, Technology
Numerous reports by various organizations, including the Government Accountability Office, have consistently found insufficiencies in state unemployment insurance programs. These insufficiencies were laid bare during the COVID-19 pandemic when increased need for such services, combined with an increase in fraudulent activity targeting unemployment insurance programs, overtaxed states’ unemployment insurance systems.
Gabriel Zighelboim
Cloud Computing, Cybersecurity, Education, Market Intelligence, State & Local Government, Technology
The annual EDUCAUSE conference highlighted higher education technology trends, goals, challenges, and how to identify a way ahead for higher education institutions to be successful in today’s modern world.
Yvonne Maffia
Cloud Computing, Cybersecurity, Education, Market Intelligence, State & Local Government, Technology
The annual EDUCAUSE conference highlighted higher education technology trends, goals, challenges, and how to identify a way ahead for higher education institutions to be successful in today’s modern world.
Yvonne Maffia
Cybersecurity, Education, Federal Government, Market Intelligence, Technology
Over the last few months, there have been several recent cybersecurity initiatives at the federal level, aimed at bridging gaps in K-12 cybersecurity policy and strategy.
Yvonne Maffia
Cloud Computing, Cybersecurity, Market Intelligence
The Air Force hosts an annual summit known as Department of the Air Force Information Technology and Cyberpower (DAFITC) in Montgomery, Alabama, right next to Maxwell Air Force Base. It’s an opportunity for Guardians, Airmen, academics, and IT industry to come together to discuss pain point remedies and high-level plans and strategies. It is also an opportunity for branch heads to strike deals that lead to the adoption of modern and effective systems, meant to enable air superiority. Ms.
Kevin Shaker
Cybersecurity, Internet of Things, IT Infrastructure, Market Intelligence
IoT and Its Impact on Infrastructure and Governance
The Internet of Things (IoT) revolutionizes how governments, organizations, and citizens interact with the physical world. This wave of interconnected devices promises a transformative infrastructure and governmental operations shift. However as the reach of IoT grows, the implications — especially related to security — become even more profound.
Dawit Blackwell
Cybersecurity, Internet of Things, IT Infrastructure, Market Intelligence
IoT and Its Impact on Infrastructure and Governance
The Internet of Things (IoT) revolutionizes how governments, organizations, and citizens interact with the physical world. This wave of interconnected devices promises a transformative infrastructure and governmental operations shift. However as the reach of IoT grows, the implications — especially related to security — become even more profound.
Dawit Blackwell
Big Data & Analytics, Market Intelligence, State & Local Government
Data analytics played a pivotal role in state, local, and education (SLED) governments’ response to the COVID-19 pandemic, and the emphasis on the importance of data has only continued to magnify over the last couple of years. Data analytics and related technology tools provide a host of benefits ranging from real-time data analysis, increased transparency and accountability, streamlined citizen facing services, better decision making and savings in both costs and time.
Yvonne Maffia
Application Lifecycle, DevSecOps, Federal Government, State & Local Government
Technology is supposed to make our lives easier. So you know something’s wrong when nearly a third of federal government acquisition professionals surveyed say their agency’s acquisition technology makes the job more difficult.
Ben Allen
Application Lifecycle, DevSecOps, Federal Government, State & Local Government, Technology
Government agencies strive to lower the cost of products and services to save taxpayers money. They also aim to shorten “procurement administrative lead time,” or PALT—the time from identification of need to delivery of value—to expedite their missions without delay.
Ben Allen
Application Lifecycle, Business Applications, Federal Government, State & Local Government
Case work is the universal working style of government agencies. Everything from handling customer service inquiries to issuing permits to responding to weather events—in short, any workflow a public sector organization handles—is a “case” that requires a systematic approach from start to finish.
Shari Ingerman
Application Lifecycle, State & Local Government, Technology
The good news is that we’ve officially moved into the next phase of the pandemic, where the White House expects the threat of serious illness to be considerably diminished. But the bad news? Nearly 18 million Americans stand to lose the Medicaid benefits granted to them during the public health crisis as eligibility determinations return to pre-pandemic guidelines.
Vishal Hanjan
Market Intelligence, State & Local Government, Technology
This is part of a podcast series where the Market Insights team provides insights and analysis on IT opportunities across the public sector. This episode features Yvonne Maffia, Senior Market Insights Analyst at TD SYNNEX Public Sector where she discusses how to leverage SLED Fiscal Year End Sales Opportunities. Listen to this podcast episode now.
Yvonne Maffia
Infrastructure, Market Intelligence, State & Local Government, Technology
Welcome to 2023 — an era of modernization where public sector information technology (IT) market growth is dominated by technologies that can create operational efficiencies and enhance the delivery of citizen-facing services. IT leaders are approaching municipality and jurisdictional operations from the lens of optimization, and there is only room for "smart" solutions.
Yvonne Maffia
Market Intelligence, State & Local Government, Technology
Cloud services continue to be a top priority for state chief information officers (CIOs), but the focus has accelerated due to the emergence of digital government and disruptions brought on by the Covid-19 pandemic. Over the last few years, we’ve seen cloud services quickly become a “must-have” for state, local and education (SLED) customers, emphasizing cost savings, scalability, agility, and flexibility.
Yvonne Maffia
Cybersecurity, Federal Government, Market Intelligence, Technology
The Department of Navy (DON) recently held its annual WEST Conference, this year with a strong emphasis on cybersecurity. The conference brought together key decision-makers from the Navy, Marine Corps, and Coast Guard, along with experts from various industries and government officials. The discussions were broad-ranging, covering topics related to naval warfare, technology, innovation, and cybersecurity.
Toan Le
Education, Market Intelligence, State & Local Government, Technology
In recent years, we have seen the rapid growth of esports (electronic sports), or competitive video gaming, with the global esports market already surpassing $1 billion and, according to a recent report from Stratview Research, expected to reach over $9 billion in 2028. Therefore, it should be no surprise that this trend has caught the interest of educational institutions, especially considering over 60% of esports fans are within the age range of the average secondary and post-secondary student, between 13 and 26 years old.
Gabriel Zighelboim
Cybersecurity, Market Intelligence, State & Local Government
2022 was a noteworthy year for the technology sector, particularly as it relates to cybersecurity. The post-pandemic era of modernization exposed the fragility of U.S. public sector technology infrastructure and systems, widening attack surfaces and posing additional challenges for state, local and education leaders. We have witnessed the whole gamut of continually evolving security threats, ranging from election security breaches, nation-state actors, threats to critical infrastructure, ransomware attacks, hacktivism and more.
Yvonne Maffia
Cybersecurity, Market Intelligence, State & Local Government
2022 was a noteworthy year for the technology sector, particularly as it relates to cybersecurity. The post-pandemic era of modernization exposed the fragility of U.S. public sector technology infrastructure and systems, widening attack surfaces and posing additional challenges for state, local and education leaders. We have witnessed the whole gamut of continually evolving security threats, ranging from election security breaches, nation-state actors, threats to critical infrastructure, ransomware attacks, hacktivism and more.
Yvonne Maffia
Cloud Computing, Cybersecurity, Education, Federal Government, IT Infrastructure, State & Local Government, Technology
The Cybersecurity and Infrastructure Security Agency (CISA) has seen increased malicious activity with ransomware attacks against K 12 educational institutions. Malicious cyber actors target school computer systems, slowing access, and rendering the systems inaccessible to essential functions, including remote learning. In some instances, ransomware actors stole and threatened to leak confidential student data unless institutions paid a ransom.
Ransomware attacks on US government organizations cost $18.9bn in 2020.
Asad Zaman
Cloud Computing, Cybersecurity, Education, Federal Government, IT Infrastructure, State & Local Government, Technology
The Cybersecurity and Infrastructure Security Agency (CISA) has seen increased malicious activity with ransomware attacks against K 12 educational institutions. Malicious cyber actors target school computer systems, slowing access, and rendering the systems inaccessible to essential functions, including remote learning. In some instances, ransomware actors stole and threatened to leak confidential student data unless institutions paid a ransom.
Ransomware attacks on US government organizations cost $18.9bn in 2020.
Asad Zaman
Cloud Computing, Cybersecurity, Education, Federal Government, IT Infrastructure, State & Local Government, Technology
The Cybersecurity and Infrastructure Security Agency (CISA) has seen increased malicious activity with ransomware attacks against K 12 educational institutions. Malicious cyber actors target school computer systems, slowing access, and rendering the systems inaccessible to essential functions, including remote learning. In some instances, ransomware actors stole and threatened to leak confidential student data unless institutions paid a ransom.
Ransomware attacks on US government organizations cost $18.9bn in 2020.
Asad Zaman
Cloud Computing, Cybersecurity, Federal Government, State & Local Government, Technology, Tips and How-Tos
TD Synnex Public Sector’s Chief Cybersecurity Technologist, Don Maclean sat down with Mark Guntrip, Senior Director of Security Strategy at Menlo Security, to discuss one of the latest emergent security threats.
James Hofsiss
Cloud Computing, Cybersecurity, Federal Government, State & Local Government, Technology, Tips and How-Tos
TD Synnex Public Sector’s Chief Cybersecurity Technologist, Don Maclean sat down with Mark Guntrip, Senior Director of Security Strategy at Menlo Security, to discuss one of the latest emergent security threats.
James Hofsiss
Market Intelligence, State & Local Government
2022 is ending, and it is time for U.S. public sector leaders to reflect on lessons learned while planning for the upcoming state and local government fiscal year-end. This year’s NASCIO Annual Conference highlighted the post-pandemic technology trends and challenges that are defining 2023 policy agendas and the future of technology acquisitions. The conference referenced the State Chief Information Officer Survey which assessed state CIOs’ thoughts on a wide array of topics that affect their roles as public sector technology and business leaders in today’s modern world.
Yvonne Maffia
Cybersecurity, Market Intelligence, Technology
“We must find fresh ways to connect forces, allies, and partners that provide an effective response to the challenge of a highly contested environment not seen in the last 20 years. Given the challenges we face today and in the future, we simply have no choice but to become more interoperable,” said General CQ Brown JR., U.S. Air Force Chief.
Toan Le
Cybersecurity
Cybersecurity Maturity Model Certification (CMMC) 2.0 is here. If your company is not prepared, the time to get ready is now, or your company may risk losing business with the Department of Defense (DoD).
The CMMC program requires cyber protection standards for companies in the Defense Industrial Base (DIB) and aims to protect sensitive unclassified information that the DoD shares with contractors and subcontractors.
Don Maclean
Cloud Computing, Cybersecurity, Technology, Tips and How-Tos
Every year, there are more and more security breaches, and it gets harder and harder to spot them. According to a leading cybersecurity vendor1, it takes almost seven months for organizations to find breaches, which gives malicious attackers plenty of time to get what they want.
Most often, system misconfigurations like default settings or credentials leave the door wide open for exploitation, resulting in these breaches. As organizations grow, this problem only gets worse because quick changes frequently result in skipped steps.
Heather Sweet
Cloud Computing, Cybersecurity, Technology, Tips and How-Tos, Training
Security is paramount in the digital age, especially when it comes to keeping networks secure. Having network security monitoring services stand between your organization and malicious attackers is crucial. Still, the volume of alerts and issues that come with them can easily overwhelm your team.
The volume of these alerts is rising every year too. According to a report by TrendMicro, 54% of teams surveyed felt like they were drowning in alerts, and 27% said they spent most of their time dealing with false positives.
Heather Sweet
IT Infrastructure, Market Intelligence, State & Local Government
The U.S. electric grid is critical infrastructure consisting of an ecosystem of communities, stakeholders, governments and economies. Most of the grid infrastructure was built decades ago and is unreliable. Bad actors know it. In 2015, Russian hackers carried out the first successful cyberattack on the nation's electricity grid, which was just one of an ongoing series of security breaches and attacks on US infrastructure and utilities.
Yvonne Maffia
IT Infrastructure, Market Intelligence, State & Local Government
The U.S. electric grid is critical infrastructure consisting of an ecosystem of communities, stakeholders, governments and economies. Most of the grid infrastructure was built decades ago and is unreliable. Bad actors know it. In 2015, Russian hackers carried out the first successful cyberattack on the nation's electricity grid, which was just one of an ongoing series of security breaches and attacks on US infrastructure and utilities.
Yvonne Maffia
Application Lifecycle, Cybersecurity, DevSecOps
Implementing zero trust may seem daunting, but it is also an opportunity to integrate more secure coding practices into your software applications from the start. Zero-trust security assumes that all traffic on your internal network is potentially malicious. Consequently, it requires taking measures to:
Don Maclean
Federal Government, State & Local Government, Tips and How-Tos
Government organizations have a bad rap for being inefficient. But with outdated technology and limited spending, they aren’t exactly set up for success. And the expectations from stakeholders are high, with funding provided primarily by taxpayer dollars.
Kristin Han
Federal Government, IT Perspective, State & Local Government
As government agencies and organizations look to modernize their technology stacks to keep up with changes in the workforce, aging solutions, and closing contracts, they’ll all set out with a similar process: submit an RFP, review submissions, and choose a vendor. Seems simple enough.
But what government CIOs often don’t realize is that requiring proven, specific use cases may be limiting what their new (and likely expensive) technology investment can do for their organization. Here’s what I mean.
Vishal Hanjan
Cybersecurity, Federal Government
The rise in a remote workforce and use of cloud-enabled business applications equates to the browser essentially becoming our office, providing access to all necessary tools, data, and communications. Threat actors understand this paradigm shift and are now utilizing Highly Evasive Adaptive Threats (HEAT) to initiate ransomware, extortion ware, and other endpoint intrusions.
HEAT attacks are the next generation of cyber threats.
Menlo Security
Cloud Computing, Cybersecurity, Technology, Tips and How-Tos
The digital landscape evolves fast, and attackers are even faster. New ways to attack systems and organizations appear every day, and traditional methods are starting to fall behind the times.
Highly Evasive Adaptive Threats (HEAT) are the newest step in the digital world for malicious attackers. These attacks are unlike anything security experts have seen before and lead to some of the most devastating breaches ever seen.
In this article, we’ll explain how HEAT attacks impact companies worldwide and how Menlo Security’s Isolation Core can help protect your organization.
Heather Sweet
Big Data & Analytics, Cybersecurity, Market Intelligence
In a recent webinar produced by Federal News Network, the Director of the Environmental Protection Agency (EPA)’s Office of Information Security and Privacy, Tonya Manning, detailed the state of the agency’s zero trust and data handling postures, as well as its latest priorities. We’ll spotlight several takeaways and look at what’s to likely come down the pike for the EPA in the coming months and years.
Zero Trust Architecture
Susanna Patten
Cloud Computing, Cybersecurity, Technology, Tips and How-Tos
The term "Integrated Management Workplace System" (IWMS) was first used by Gartner in 2004 to refer to a program that could manage and integrate all business and workplace requirements into a single, centralized solution. Since then, a number of solutions have emerged with the aim of bringing together various operational and organizational areas that had previously tended to operate in isolation from one another.
Heather Sweet
Cybersecurity, Federal Government, State & Local Government
This is the second post in the Threat-Based Methodology series. The first post introduced Threat-Based Methodology and the analysis conducted by the FedRAMP PMO and NIST. That post concluded with a list of the top seven controls based on their Protection Value. This post will explore CM-6 in greater depth and explain how Devo supports the ability to meet this control.
John Allison
Cybersecurity, Federal Government, State & Local Government
This is the second post in the Threat-Based Methodology series. The first post introduced Threat-Based Methodology and the analysis conducted by the FedRAMP PMO and NIST. That post concluded with a list of the top seven controls based on their Protection Value. This post will explore CM-6 in greater depth and explain how Devo supports the ability to meet this control.
John Allison
Cloud Computing, Cybersecurity, Technology
The development world has changed, and organizations are still adapting to developing in the cloud. Cloud native technology and containers are now at the forefront of software development, meaning that software no longer exists and operates locally. However, despite these quick advancements, cloud native application security still lags behind.
This article will cover how you should approach cloud native application security and why Snyk is the best solution for your needs.
Adam Fyffe
Cybersecurity, Education, Federal Government, State & Local Government
This three-part blog series will explore threat-based methodology and how it benefits every company with a network. The series leverages the analysis presented by the Federal Risk and Authorization Management Program (FedRAMP) Program Management Office (PMO) in conjunction with the National Institute of Standards and Technology (NIST).
John Allison
Cybersecurity, Education, Federal Government, State & Local Government
This three-part blog series will explore threat-based methodology and how it benefits every company with a network. The series leverages the analysis presented by the Federal Risk and Authorization Management Program (FedRAMP) Program Management Office (PMO) in conjunction with the National Institute of Standards and Technology (NIST).
John Allison