Hochul releases New York State Cybersecurity Grant plan

Nearly $6 million in federal funding will be utilized to help local entities reduce cyber risk and build cyber resiliency

√ State to use funding to procure multi-factor authentication, cybersecurity scholarships and cybersecurity training resources on behalf of local partners

√ Online interest form released to eligible entities to indicate interest in receiving services provided through this program

Gov. Kathy Hochul has released the New York State Cybersecurity Grant plan, which details a whole-of-state approach to reduce cyber risk and build cyber resiliency in local governments statewide. Through the utilization of nearly $6 million in funding through the federal State and Local Cybersecurity Grant program, this initiative will expand access to cybersecurity information, tools, resources and services so that public sector entities in New York have access to “the most sophisticated cyber defenses.”

A press release noted, “Given the funding available, New York will use its economy of scale purchasing power to directly procure and deliver best-in-brand software, hardware and services to eligible entities.”

Hochul said, “A cyberattack can halt an entire community, and it’s essential that local governments have the resources and information needed to protect themselves and quickly respond to a cyber threat. This funding will provide tools to help municipalities secure critical infrastructure to protect New Yorkers and reduce cyber risks.”

Hochul’s team stated, “As part of the federal Infrastructure Investment and Jobs Act of 2021, Congress established the State and Local Cybersecurity Grant program (SLCGP) to award funding to each state to help eligible entities address cybersecurity risks and threats to information systems owned or operated by or on behalf of state, local, tribal and territorial governments. The SLCGP FY2022 funding allocation for New York is $5,810,605, and at least 80% of the funds will be allocated to goods and services for local government entities, with at least 25% of that allocated to entities in rural areas.

“To ensure the maximum number of New York entities can benefit from the limited SLCGP funds, New York will directly procure software, hardware and services for delivery to eligible entities. During the program’s first year, New York state is focusing on shared services initiatives to help local government entities build a baseline level of cybersecurity.”

These initiatives are:

•Multi-factor authentication: MFA is a method to authenticate a user that requires them to provide two or more verification factors so they can gain access to a resource. New York will provide hardware and/or software tokens and professional services that eligible entities can use to implement MFA in their technology environments.

•Cybersecurity certification scholarship: New York will provide scholarships for select employees from eligible entities who currently have roles or responsibilities related to information technology, information security, cybersecurity, data privacy, and/or data security to achieve an industry-recognized cybersecurity certification.

•Cybersecurity awareness training: New York will provide an online cybersecurity awareness training for eligible entities for their employees.

Eligible entities can indicate their interest to participate in one or more of the shared services offerings by completing the SLCGP interest form. Responses to this form will help the state appropriately plan to address statewide need utilizing fiscal year 2022 funding in year 1 of the program. A formal application process will commence later this year. Application information will be made available on the Division of Homeland Security and Emergency Services’ grant programs webpage.

New York State Chief Cyber Officer Colin Ahern said, “New York is continuing to take decisive action to bolster cybersecurity statewide. Under Gov. Hochul's leadership, and through our partnership with President Biden and Congress, New York is investing in a safer and more resilient cyber future for our communities.”

New York State Division of Homeland Security and Emergency Services Commissioner Jackie Bray said, "The threat posed by cyberattacks continues to grow each year, making it critical we ensure our local partners have access to the cybersecurity services necessary to keep data and critical infrastructure safe. By utilizing a shared service model, we are making it easier for local governments to obtain key products that are essential in helping keep our communities safe from cyber criminals.”

In August 2023, Hochul released the first-ever New York State Cybersecurity Strategy that set forth an approach to cybersecurity and resilience based on the principles of unification, resilience and preparedness. The cybersecurity strategy’s five pillars – operate, collaborate, regulate, communicate and grow – informed the development of the grant plan and are reflected throughout.

New York also launched a program to provide cybersecurity services to county and local government entities, covering more than 76,000 government-owned computers across the state, and expanded the state’s law enforcement cyber capabilities by growing the Computer Crimes Unit, Cyber Analysis Unit, and Internet Crimes Against Children Center at the New York State Police. In 2024, Hochul is expanding the shared services program by extending eligibility for the endpoint detection and response shared service and adding an additional capability, attack surface management, to the shared services program.