DHS to Provide $25 Million More for Cybersecurity GrantsCISA May Launch Other Grants as Well
The U.S. Department of Homeland Security will provide an additional $25 million in grants to state and local cybersecurity preparedness programs with a particular focus on combatting ransomware, Secretary Alejandro Mayorkas announced Thursday.
Mayorkas also announced that DHS is considering funding additional grants to be managed by the U.S. Cybersecurity and Infrastructure Security Agency to support state and local authorities battling ransomware. And he said DHS would implement a series of "cybersecurity sprints" to mobilize action in priority areas.
"As we have seen in recent events, attacks on our cyber networks can have devastating effects," Mayorkas said.
Dirk Schrader, global vice president for security research at the software company New Net Technologies, is skeptical the $25 million in additional funding will result in substantial improvements in cybersecurity.
"Government funding has a tendency to look insufficient or falsely distributed for those involved. This grant, announced by DHS, surely will be looked at the same way," Schrader says.
Grant Funding Increase
The additional cybersecurity grants will be distributed through the State Homeland Security Program and Urban Area Security Initiative.
"With this funding, state and local grant recipients can conduct cybersecurity risk assessments, strengthen their 'dot gov' internet domains, improve the cybersecurity of their critical infrastructure and conduct additional cybersecurity training and planning," Mayorkas said.
Schrader says DHS should provide clear guidance to state and local authorities on projects to be funded by the new grant money. "Just doing more of the same cybersecurity approach as before will not help to improve the nation's cyber resilience as recent events like the SolarWinds incident have shown," he says.
Mayorkas said during a speech at the 2nd Annual President's Cup Cybersecurity Challenge Thursday that that new grant funding would help eliminate gaps in the nation's cyber defenses.
"Ransomware - like most cyberattacks - exploits the weakest link," he said. "In addition to disrupting city governments, schools and companies, ransomware has also been disrupting hospitals and health care facilities who are already strained going above and beyond the call of duty during this ongoing crisis."
DHS will call on the U.S. Secret Service, through its Cyber Fraud Task Forces, to help track down ransomware attackers and coordinate with other agencies to counter the threat, Mayorkas added.
The "cybersecurity sprints" will mobilize action in specific priority areas, including battling ransomware, the secretary says.
"These sprints will be calls to action to make tangible progress in key areas. To start, we will be developing an initial set of sprints dedicated to combatting ransomware, building a deep and diverse cyber workforce and urgently improving the security of our nation's industrial control systems," Mayorkas said.
The program is based on the model of the 30-day cybersecurity sprint that took place in 2015 (see: 30-Day Cybersecurity Sprint: Just a Start).