The U.S. Department of Homeland Security announced Friday that the first-ever cybersecurity grant program designed for state, local and territorial governments nationwide will distribute $1 billion over the next four years.
The cybersecurity funding will be available through the State and Local Cybersecurity Grant Program, which states can apply for and then allocate to school districts and local governments. Districts cannot directly apply for the federal grant, which was established by the Infrastructure Investment and Jobs Act of 2021.
The grant can be used to address cybersecurity risks or threats on information systems owned or operated by school districts to support best cybersecurity practices, such as multi-factor authentication, enhanced logging and data encryption.
The money cannot be used, however, to purchase cybersecurity insurance or for extortion payments resulting from a ransomware incident, according to K12 Security Information Exchange, or K12 SIX, a nonprofit aiming to protect the K-12 community from cybersecurity threats.
This kind of federal support for K-12 cybersecurity is overdue, K12 SIX said in a statement.
“It is our hope that the successful implementation of this program lays the groundwork for even more significant federal support of K-12 cybersecurity needs in the future,” the nonprofit said.
Ultimately, the state will decide how and where to distribute funds. At a minimum, 80% of these state grant allocations must be distributed to local government agencies, which include school districts. Additionally, at least 25% of the funds should go to rural communities.
Considering this, K12 SIX recommends district leaders proactively contact their state’s chief information officer to find out how they plan to implement the federal grant.
The grants require states to create a cybersecurity planning committee and a cybersecurity plan. States also must conduct assessments and evaluations to set statewide priorities for the funding.
The grant announcement follows this month's ransomware attack on Los Angeles Unified School District that took down many of its IT systems.
Shortly after the LAUSD attack, the FBI, Cybersecurity and Infrastructure Security Agency, and the Multi-State Information Sharing and Analysis Center issued an alert that a hacker group called Vice Society is disproportionately targeting the education sector. Since then, Vice Society has reportedly claimed responsibility for the LAUSD incident.
Meanwhile, calls have increased from K-12 technology organizations seeking more federal support to help school districts protect themselves against these massive cybersecurity threats and attacks. That includes a request that federal E-rate funding support cybersecurity in schools and libraries.