Governor Hochul Releases New York State Cybersecurity Grant Plan

 

Nearly $6 Million in Federal Funding Will Be Utilized to Help Local Entities Reduce Cyber Risk and Build Cyber Resiliency

State to Use Infrastructure Act Grant Funding to Procure Multi-Factor Authentication, Cybersecurity Scholarships and Cybersecurity Training Resources on Behalf of Local Partners

Online Interest Form Released to Eligible Entities to Indicate Interest in Receiving Services Provided Through This Program

Governor Kathy Hochul released the New York State Cybersecurity Grant Plan, which details a whole-of-state approach to reduce cyber risk and build cyber resiliency in local governments statewide. Through the utilization of nearly $6 million in funding through the federal State and Local Cybersecurity Grant Program, this grant program will expand access to cybersecurity information, tools, resources, and services so that public sector entities in New York have access to the most sophisticated cyber defenses. Given the funding available, New York will use its economy of scale purchasing power to directly procure and deliver best-in-brand software, hardware, and services to eligible entities.

“A cyberattack can halt an entire community, and it’s essential that local governments have the resources and information needed to protect themselves and quickly respond to a cyber threat,” Governor Hochul said. “This funding will provide tools to help municipalities secure critical infrastructure to protect New Yorkers and reduce cyber risks.”

As part of the federal Infrastructure Investment and Jobs Act of 2021, Congress established the State and Local Cybersecurity Grant Program (SLCGP) to award funding to each state to help eligible entities address cybersecurity risks and threats to information systems owned or operated by or on behalf of State, local, tribal, and territorial governments. The SLCGP FY2022 funding allocation for New York is $5,810,605, and at least 80 percent of the funds will be allocated to goods and services for local government entities, with at least 25 percent of that allocated to entities in rural areas.

To ensure the maximum number of New York entities can benefit from the limited SLCGP funds, New York will directly procure software, hardware, and services for delivery to eligible entities. During the program’s first year, New York State is focusing on shared services initiatives to help local government entities build a baseline level of cybersecurity. These initiatives are:

• Multi-Factor Authentication (MFA): MFA is a method to authenticate a user that requires them to provide two or more verification factors so they can gain access to a resource. New York will provide hardware and/or software tokens and professional services that eligible entities can use to implement MFA in their technology environments.
• Cybersecurity Certification Scholarship: New York will provide scholarships for select employees from eligible entities who currently have roles or responsibilities related to information technology, information security, cybersecurity, data privacy, and/or data security to achieve an industry-recognized cybersecurity certification.
• Cybersecurity Awareness Training: New York will provide an online cybersecurity awareness training for eligible entities for their employees.

Eligible entities can indicate their interest to participate in one or more of the shared services offerings by completing the SLCGP Interest Form. Responses to this form will help the state appropriately plan to address statewide need utilizing FY2022 funding in Year 1 of the program. A formal application process will commence later this year. Application information will be made available on the Division of Homeland Security and Emergency Services’ Grant Programs webpage.

The release of New York’s Cybersecurity Grant Plan is the latest step taken by Governor Hochul to strengthen the state’s cyber defenses and ensure the state and its local partners are prepared as digital threats continue to increase.

In August 2023, Governor Hochul released the first-ever New York State Cybersecurity Strategy that set forth an approach to cybersecurity and resilience based on the principles of unification, resilience, and preparedness. The Cybersecurity Strategy’s five pillars –Operate, Collaborate, Regulate, Communicate, and Grow– informed the development of the Grant Plan and are reflected throughout. As an administrative requirement of the SLCGP, the Grant Plan not only represents another facet of New York State’s extensive portfolio of cybersecurity measures that builds cybersecurity maturity among our critical institutions, but it is also an iterative effort designed to respond to the shifting needs of our state.

Under Governor Hochul's leadership, New York also launched a nation-leading program to provide cybersecurity services to county and local government entities, covering more than 76,000 government-owned computers across the state, and expanded the state’s law enforcement cyber capabilities by growing the Computer Crimes Unit, Cyber Analysis Unit, and Internet Crimes Against Children Center at the New York State Police. In 2024, Governor Hochul is expanding the Shared Services Program by extending eligibility for the endpoint detection and response shared service and adding an additional capability, attack surface management, to the Shared Services Program. To further protect New York's critical infrastructure, Governor Hochul has also proposed new hospital cybersecurity regulations and signed landmark legislation to protect New York's energy grid from cyberattacks. As cyber threats rapidly evolve, New York remains at the cutting edge of cybersecurity policy and continues to strengthen defenses across the public and private sectors.