$1 Billion State and Local Cybersecurity Grant Program Now Open for Applicants

As threats continue to evolve, state and local governments benefit from federal grant funding to bolster their cybersecurity posture.

When a state, local, tribal and territorial (SLTT) government falls victim to a cyberattack, it impacts its digital networks and infrastructure. It also puts sensitive databases, personally identifiable information (PII) and constituents’ trust at risk. As the attack surface expands and attacks become more sophisticated, local governments are falling prey to threat actors.

The State and Local Cybersecurity Grant Program (SLCGP) is formally open, making $185 million in federal grant funding available for SLTT governments. It is the first installment of a four-year, $1 billion program created as a part of the Infrastructure Investment and Jobs Act (IIJA). Funding provided through this program enables SLTT governments to implement cybersecurity solutions that address the growing threats and risks to their information systems.

Specifics on the application process

Now that the application period is open, in order to receive funding, eligible agencies (defined as states or territories) must:

Submit an initial application through the portal at www.grants.gov.
Submit a final application through the Non-Disaster (ND) Grants System by November 15, 2022.
Establish a Cybersecurity Planning Committee.
Submit a Cybersecurity Plan that meets the 16 requirements defined in IIJA and in the Notice of Funding Opportunity (NOFO) and addresses the needs of local governments, including vulnerability management, prioritization and critical infrastructure protection.

More information about the application process and requirements can be found in the Department of Homeland Security Notice of Funding Opportunity (under the “Related Documents” tab) and on the Cybersecurity and Infrastructure Security Agency’s SLCGP website. The 16 requirements for the Cybersecurity Plan are found on pages 68-70 of the NOFO under the “Required Elements” section of Appendix C.

How Tenable can help meet Cybersecurity Plan requirements

Tenable is uniquely positioned to help SLTT governments meet SLCGP grant requirements, like vulnerability management, prioritization and protecting critical infrastructure. Specifically, Tenable’s capabilities can help meet 13 of the 16 Cybersecurity Plan requirements, including:

“Implement a process of continuous cybersecurity vulnerability assessments and threat mitigation practices prioritized by degree of risk to address cybersecurity risks and cybersecurity threats on information systems, applications, and user accounts owned or operated by, or on behalf of, the state or local governments within the state.”
“Implement an information technology and operational technology modernization cybersecurity review process that ensures alignment between information technology and operational technology cybersecurity objectives.”
“Manage, monitor, and track information systems, applications, and user accounts owned or operated by, or on behalf of, the state or local governments within the state, and the information technology deployed on those information systems, including legacy information systems and information technology that are no longer supported by the manufacturer of the systems or technology.”

To learn more about how Tenable helps address these requirements and more, review Meeting IIJA Grant Requirements with Tenable Technologies.

Our risk-based vulnerability management solutions help SLTT agencies bolster their cyber defenses and address common SLTT concerns, such as critical infrastructure protection, implementing a zero trust strategy, protecting against ransomware and securing Active Directory. SLTT governments can reduce risk and strengthen their defenses with the ability to see across their entire attack surface, predict which vulnerabilities attackers are most likely to exploit and act to remediate critical vulnerabilities.

Learn more:

Tenable State and Local Cybersecurity Program Website
Meeting IIJA Grant Requirements with Tenable Technologies
Cybersecurity and Infrastructure Security Agency’s SLCGP
How State and Local Governments Can Bolster Their Cyber Defenses

grafana-9.0.9-1.fc37

FEDORA-2022-2eb4418018

Packages in this update:

grafana-9.0.9-1.fc37

Update description:

update to 9.0.9 tagged upstream community sources, see CHANGELOG
resolve CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used (rhbz#2128565)

grafana-9.0.9-1.fc38

FEDORA-2022-8e5d214237

Packages in this update:

grafana-9.0.9-1.fc38

Update description:

Automatic update for grafana-9.0.9-1.fc38.

Changelog

* Wed Sep 21 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.9-1
- update to 9.0.9 tagged upstream community sources, see CHANGELOG
- resolve CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used (rhbz#2128565)

Multi-factor authentication fatigue attacks are on the rise: How to defend against them

Credential compromise has been one of the top causes of network security breaches for a long time, which has prompted more organizations to adopt multi-factor authentication (MFA) as a defense. While enabling MFA for all accounts is highly encouraged and a best practice, the implementation details matter because attackers are finding ways around it.

One of the most popular ways is spamming an employee whose credentials have been compromised with MFA authorization requests until they become annoyed and approve the request through their authenticator app. It’s a simple yet effective technique that has become known as MFA fatigue and was also used in the recent Uber breach.

D&O insurance not yet a priority despite criminal trial of Uber’s former CISO

The trial of former Uber CISO Joe Sullivan marks the first time a cybersecurity chief has faced potential criminal liability. Sullivan is charged with trying to conceal from federal investigators the details of a 2016 hack at Uber that exposed the email addresses and phone numbers of 57 million drivers and passengers. The two charges against Sullivan, obstruction of justice and failure to report a crime, carry potential jail time of five and three years, respectively, in a watershed case that has drawn the attention of security professionals.
