Your browser does not support JavaScript!

Grant Programs

Federal cybersecurity grants

On Sept. 16, 2022, the Department of Homeland Security (DHS) announced a first-of-its-kind cybersecurity grant program specifically for state, local, and territorial (SLT) governments across the country.

The Department of Homeland Security (DHS), through the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Emergency Management Agency (FEMA) released the notice of funding opportunity information on their website: https://www.cisa.gov/cybergrants.

VITA, in partnership with the State Administrative Agency (SAA) for the Commonwealth, the Virginia Department of Emergency Management, has applied and been approved for program years 1 and 2. Program years 3 and 4 are yet to come. 

 

State and Local Cybersecurity Grant Program (SLCGP)​

Our nation faces unprecedented cybersecurity risks, including increasingly sophisticated adversaries, widespread vulnerabilities in commonly used hardware and software, and broad dependencies on networked technologies for the day-to-day operation of critical infrastructure. Cyber risk management is further complicated by the ability of malicious actors to operate remotely, linkages between cyber and physical systems, and the difficulty of reducing vulnerabilities. 

The State and Local Cybersecurity Grant Program (SLCGP) is administered by the Department of Homeland Security (DHS) and funded by the Infrastructure Investment and Jobs Act (IIJA). The SLCGP is a reimbursable pass-through grant program with an overall goal of improving the cybersecurity posture of state, local and territorial (SLT) government organizations. It provides assistance for managing and reducing systemic cyber risk through the following objectives:

  • Objective 1: Develop and establish appropriate governance structures, including developing, implementing, or revising cybersecurity plans, to improve capabilities to respond to cybersecurity incidents and ensure continuity of operations. 
  • Objective 2: Understand their current cybersecurity posture and areas for improvement based on continuous testing, evaluation, and structured assessments. 
  • Objective 3: Implement security protections commensurate with risk.
  • Objective 4: Ensure organization personnel are appropriately trained in cybersecurity, commensurate with responsibility.

Virginia's awards for program year 1 and year 2 represent the beginning of Virginia's journey to achieve these objectives.

Establishment of the Virginia Cybersecurity Planning Committee and the creation and CISA-approved state cybersecurity plan have created the governance and priorities to ensure Virginia's successful achievement of the program's objectives.

Funding

Virginia was awarded more than $12MM in grant funding through year 1 and year 2 SLCGP grant awards. 

Driven by the increase in cyber threats, the grants do require states to cover a percentage of the costs with matching funds. In 2022, the Virginia General Assembly appropriated state matching funds, more than $4.9 million.

VITA and our partners, including the Virginia Department of Energy Management (VDEM) serving as the State Administrative Agency (SAA), are collaborating with the Virginia Cybersecurity Planning Committee (VCPC), which was created in response to grant program requirements. The VCPC developed a statewide cybersecurity plan, also as required by the grant program, and will prioritize projects and subgrant awards based on the goals and objectives of the plan.

Virginia Cybersecurity Planning Committee (VCPC)​

The VCPC was created pursuant to the Infrastructure Investment and Jobs Act (IIJA), Pub. L. No. 117-58, § 70612 2021), and Item 93(F) of Virginia’s 2022 Appropriation Act. Governor Youngkin appointed the members of the VCPC, who represent state and local stakeholders and have experience in technology and cybersecurity.

Cybersecurity Plan

Virginia's statewide cybersecurity plan, created by the VCPC, represents a continued commitment to improving and supporting a whole of state approach to cybersecurity. The plan also meets the requirement of the current U.S. Department of Homeland Security guidelines for the SLCGP.​

The Cybersecurity Plan includes actionable and measurable goals and objectives focused on: inventory and control of technology assets, software and data, threat monitoring, threat protection and prevention, data recovery and continuity, and understanding an organization’s cybersecurity maturity level. They are designed to support the Commonwealth in planning for effective security technologies and navigating the ever-changing cybersecurity landscape.​

Cybersecurity Plan Vision for Improving Cybersecurity​

  • Create a cybersecurity ecosystem supporting a whole of state approach for state and local governments to safeguard critical infrastructure, protect Virginians’ data, and ensure the continuity of essential services. ​

Cybersecurity Plan Mission​

  • To further establish and enhance the cybersecurity capabilities of state, local, and tribal government entities in Virginia by providing a framework of technology and services to effectively identify, mitigate, protect, detect, and respond to cyber threats. Through leveraging of shared capabilities, strategic planning, and common technology the Commonwealth of Virginia strives to efficiently and effectively protect the confidentiality, integrity, and availability of critical systems, data, and services that benefit Virginians.​

View the 2022 Virginia Cybersecurity Plan.​

Current Projects

Program Year 1 Projects​

The following projects have been approved by the VCPC and will be implemented using SLCGP funding:

  • Management and administration – Funding to provide for the administration, oversight and compliance of the grant award
  • Cyber threat indicator information sharing – Funding a security operations center
  • Cybersecurity plan and assessments – Funding to establish the Virginia Cybersecurity Plan and complete a cybersecurity plan capability assessment​
  • *Application window closed* – Funding to conduct baseline assessments against the state-wide cybersecurity plan program objectives

FAQs: State and Local Cybersecurity Grant Program

To learn more about the State and Local Cybersecurity Grant Program (SLCGP), visit frequently asked questions (FAQs).

Contact

For questions about Virginia’s participation in the SLCGP and active projects, contact cybercommittee@vita.virginia.gov

To reach the VCPC, contact cybercommittee@vita.virginia.gov

Call for Advisors

If you have professional experience relating to cybersecurity or information technology and are interested in applying to become a committee advisor, please complete our online application.

Stay connected with the SLCGP

  1. Join the VDEM listserv for this grant:
  2. Attend a Virginia Cybersecurity Planning Committee (VCPC) meeting or review past meeting materials:
  3. Contact the cybercommittee@vita.virginia.gov with any questions