CISA & FEMA Release $100M in Cybersecurity Grants to Strengthen State, Local, and Tribal Defenses

The U.S. Department of Homeland Security, through CISA and FEMA, has announced over $100 million in new cybersecurity grant funding for Fiscal Year 2025 — a critical investment aimed at protecting America’s most vulnerable digital frontlines. The funding is split between the State and Local Cybersecurity Grant Program (SLCGP), allocating $91.7 million, and the Tribal Cybersecurity Grant Program (TCGP), providing $12.1 million.

In this episode, we explore how these funds will be used to bolster defenses for state, local, and tribal governments (SLTT) — key operators of public services and critical infrastructure that face mounting threats from ransomware, nation-state attacks, and insider risks.

We’ll break down:

• The Objectives of the Grants: Governance and planning, cybersecurity workforce development, threat mitigation, and continuous assessment of cyber readiness.
• Eligible Uses: From hiring qualified cybersecurity staff and acquiring new tools like EDR platforms and VPNs to launching training and awareness programs, conducting tabletop exercises, and even migrating to the .gov domain.
• Unique Challenges for SLTT Entities: Limited resources, legacy systems, and the difficulty of balancing 24/7 operations with patching and security updates.
• The Tribal Cybersecurity Grant Program: Direct funding for federally recognized tribes, requiring approved cybersecurity planning committees and participation in CISA’s Cyber Hygiene Services.
• CISA’s Internal Strains: Ongoing staffing losses within the Joint Cyber Defense Collaborative (JCDC) may affect the agency’s ability to fully support grant recipients.
• Best Practices from the Cybersecurity Guidebook for Local Government 2.0: Including the “Necessary Nine” checklist — from offline backups and MFA to patch management and clear incident response plans.

With $1 billion allocated through the Bipartisan Infrastructure Law over four years, this latest round of funding marks a major step in the U.S. government’s strategy to reduce cyber risk and build long-term resilience. But questions remain: Will SLTT governments move fast enough to implement these measures? And can CISA maintain the capacity to oversee and support these initiatives effectively?

#CISA #FEMA #CybersecurityGrants #SLCGP #TCGP #StateCybersecurity #TribalCybersecurity #RansomwareDefense #CriticalInfrastructure #CyberResilience #ZeroTrust #CyberHygiene #CybersecurityWorkforce #DHS #CISAGrants