On February 23, 2024, Governor Kathy Hochul released the New York State Cybersecurity Grant Plan, which details a whole-of-state approach to reduce cyber risk and build cyber resiliency in local governments statewide. Through the utilization of nearly $6 million in funding through the federal State and Local Cybersecurity Grant Program, this grant program will expand access to cybersecurity information, tools, resources, and services so that public sector entities in New York have access to the most sophisticated cyber defenses. Given the funding available, New York will use its economy of scale purchasing power to directly procure and deliver best-in-brand software, hardware, and services to eligible entities.
“A cyberattack can halt an entire community, and it’s essential that local governments have the resources and information needed to protect themselves and quickly respond to a cyber threat,” Governor Hochul said. “This funding will provide tools to help municipalities secure critical infrastructure to protect New Yorkers and reduce cyber risks.”
As part of the federal Infrastructure Investment and Jobs Act of 2021, Congress established the State and Local Cybersecurity Grant Program (SLCGP) to award funding to each state to help eligible entities address cybersecurity risks and threats to information systems owned or operated by or on behalf of State, local, tribal, and territorial governments. The SLCGP FY2022 funding allocation for New York is $5,810,605, and at least 80 percent of the funds will be allocated to goods and services for local government entities, with at least 25 percent of that allocated to entities in rural areas.
To
ensure the maximum number of New
York entities can benefit from the limited
SLCGP funds, New
York will directly procure software,
hardware, and services for delivery to eligible entities. During the program’s
first year, New
York State is
focusing on shared services initiatives to help local government entities build
a baseline level of cybersecurity. These initiatives are:
1. Multi-Factor
Authentication (MFA): MFA is a method to authenticate a user that requires
them to provide two or more verification factors so they can gain access to a
resource. New York will provide
hardware and/or software tokens and professional services that eligible
entities can use to implement MFA in their technology environments;
2. Cybersecurity
Certification Scholarship: New Yorkwill provide scholarships for select employees from eligible entities who
currently have roles or responsibilities related to information technology,
information security, cybersecurity, data privacy, and/or data security to
achieve an industry-recognized cybersecurity certification; and
3. Cybersecurity
Awareness Training: New York
will provide an online cybersecurity awareness training for eligible entities
for their employees.
Eligible entities can indicate their interest to participate in one or more of the shared services offerings by completing the SLCGP Interest Form. Responses to this form will help the state appropriately plan to address statewide need utilizing FY2022 funding in Year 1 of the program. A formal application process will commence later this year. Application information will be made available on the Division of Homeland Security and Emergency Services’ Grant Programs webpage.
New York State Chief Cyber Officer Colin Ahern said, “New York is continuing to take decisive action to bolster cybersecurity statewide. Under Governor Hochul's leadership, and through our partnership with President Biden and Congress, New York is investing in a safer and more resilient cyber future for our communities.”
New York State Division of Homeland Security and Emergency Services Commissioner Jackie Bray said, "The threat posed by cyber-attacks continues to grow each year, making it critical we ensure our local partners have access to the cyber security services necessary to keep data and critical infrastructure safe. By utilizing a shared service model, we are making it easier for local governments to obtain key products that are essential in helping keep our communities safe from cyber criminals.”
Representative Jerry Nadler said, “The Bipartisan Infrastructure Law continues to deliver. Today’s announcement of the New York Cybersecurity Grant Plan will reduce cyber risk and strengthen cyber defense across our state—helping keep New Yorkers’ information protected and secure.”
Representative Grace Meng said, “As technology continues to evolve, the number of cyber threats to systems used by state and local governments each day will only increase. Thanks to the Bipartisan Infrastructure Law, which I helped to pass, we are making historic funding available to ensure that government entities across the state have the technology and training they need to secure and protect sensitive information that employees work with each day. Modernizing the systems that state and local governments utilize is long-overdue and as New York’s representative on the Regional Leadership Council – which works to promote and implement legislation signed into law by President Biden – I am happy to see federal funding supporting initiatives that will help them adapt to growing cybersecurity risks.”
Representative Adriano Espaillat said, “With our increased reliance on computer systems and the growing safety threat that AI presents, it is imperative that we take precautions to protect sensitive information held by our state and local governments. I commend Governor Hochul for taking the necessary steps to ensure New York is protected from dangerous cyber threats, and I encourage all eligible entities to participate in New York’s Cybersecurity Grant Plan to ensure they are prepared to prevent and combat cybersecurity attacks today and in the future.”
Representative Joe Morelle said, “As our digital landscape continues to evolve and change, it’s critical we continue taking the actions necessary to protect people, organizations, and governments from online threats. By establishing the New York State Cybersecurity Grant Plan using funding I helped secure in Washington, Governor Hochul is helping keep our state safe from cybersecurity threats and ensuring we remain at the forefront of these technologies for decades to come. I look forward to more opportunities to collaborate with state and local partners to bolster cybersecurity and support our local governments.”
Representative Andrew Garbarino said, “Securing our cyber landscape across the Nation starts with risk mitigation at the local level. In an increasingly interconnected world, every touchpoint is vulnerable with the potential for debilitating and cascading impacts across critical infrastructure sectors. That’s why I helped introduce the State and Local Cybersecurity Improvement Act last Congress to establish this grant program. I’m pleased to see the State rolling out this funding to help communities in New York improve their overall cybersecurity posture. Every organization, big and small, should act as though they will be the next victim of a cyberattack and prepare accordingly. Leveraging the many resources from CISA for smart investments in risk mitigation is an important first step.”
Representative Nicole Malliotakis said, “In today’s technological age, it’s critically important for private and public sector entities to be educated, vigilant and prepared against cyber security threats. I’m proud to have voted to secure this critical infrastructure funding to help our community build its cyber resiliency to prevent breaches in privacy, attacks against infrastructure and interruptions to services.”
Representative Ritchie Torres said, “The Cybersecurity Grant Plan underscores New York's commitment to bolstering cyber defenses in local governments. This plan, backed by nearly $6 million in federal funding, will enable us to provide essential tools, resources, and training to our public sector entities, ensuring they have the necessary defenses against evolving threats. Together, we can build a stronger and more secure New York for all.”
The release of New York’s Cybersecurity Grant Plan is the latest step taken by Governor Hochul to strengthen the state’s cyber defenses and ensure the state and its local partners are prepared as digital threats continue to increase.
In August 2023, Governor Hochul released the first-ever New York State Cybersecurity Strategy that set forth an approach to cybersecurity and resilience based on the principles of unification, resilience, and preparedness. The Cybersecurity Strategy’s five pillars –Operate, Collaborate, Regulate, Communicate, and Grow– informed the development of the Grant Plan and are reflected throughout. As an administrative requirement of the SLCGP, the Grant Plan not only represents another facet of New York State’s extensive portfolio of cybersecurity measures that builds cybersecurity maturity among our critical institutions, but it is also an iterative effort designed to respond to the shifting needs of our state.
Under Governor Hochul's leadership, New York also launched a nation-leading program to provide cybersecurity services to county and local government entities, covering more than 76,000 government-owned computers across the state, and expanded the state’s law enforcement cyber capabilities by growing the Computer Crimes Unit, Cyber Analysis Unit, and Internet Crimes Against Children Center at the New York State Police. In 2024, Governor Hochul is expanding the Shared Services Program by extending eligibility for the endpoint detection and response shared service and adding an additional capability, attack surface management, to the Shared Services Program. To further protect New York's critical infrastructure, Governor Hochul has also proposed new hospital cybersecurity regulations and signed landmark legislation to protect New York's energy grid from cyberattacks. As cyber threats rapidly evolve, New York remains at the cutting edge of cybersecurity policy and continues to strengthen defenses across the public and private sectors.