Tag Archives: Cybersecurity and Infrastructure Security Agency

Funding Security at the Local Level

Posted on by

The State and Local Cybersecurity Grant Program (SLCGP) was launched as part of the 2021 infrastructure law to help states and localities bolster their cybersecurity defenses. State and local agencies hold incredibly sensitive data yet historically lack the budget and staff to implement modern security tools and approaches, making them a target for threat actors. The SLCGP was designed to bridge this gap, allowing states to bolster their cyber infrastructure. Funding for this program is set to expire in September 2025, leaving states worried about how they will continue to maintain and enhance their cybersecurity postures.

What is the SLCGP?

The Cyber Grant Program is jointly administered by the DHS's Federal Emergency Management Agency and the Cybersecurity and Infrastructure Security Agency. It requires states to funnel 80% of the funding to local governments, which are often the shortest on IT staff and funding, to ensure the equitable distribution of funding across organizations. Continue reading

DHS’s Commitment to Innovation

Posted on by

Under its umbrella mission of "securing the nation from the many threats we face," the Department of Homeland Security (DHS) defines several mission areas critical to meeting this goal. These include countering terrorism and preventing threats, securing and managing borders, administering immigration, securing cyberspace, building resilience, and responding to incidents, as well as combating crimes of exploitation. To support these areas, the DHS Innovation, Research & Development Strategic Plan defines eight scientific areas as focal points for research:

  • Advanced sensing
  • AI and autonomous systems
  • Biotechnology
  • Climate change
  • Communications and networking
  • Cybersecurity
  • Data integration, analytics, modeling, and simulation
  • Digital identity and trust

In a previous post, we looked at DHS's work with artificial intelligence (AI), digital identity, and climate change. In this post, we'll take a look at the activity happening in more of these eight areas. Continue reading

The State of Cybersecurity in the States

Posted on by

State and local agencies are some of the most attractive and vulnerable targets for cyber criminals. In 2023, malware attacks increased by 148%, and ransomware incidents increased by 51%. These agencies are targeted because they hold valuable personal data on citizens and control critical services--yet their security efforts have historically been underfunded and under-resourced. However, the tide may be changing.

A report on the ransomware experiences of state and local government in 2024 showed a dramatic decrease in the number of those organizations that were impacted this year. The report found ransomware attacks impacting 34% of state and local governments, marking a sharp decrease from the 69% affected in 2023. Let's take a look at some of the trends and activities that are fueling the improvement in state and local cybersecurity. Continue reading

Securing the Machines that Drive our Democracy

Posted on by

The devices used in voting are relatively low-tech. In order to avoid cyber threats, even those that use a touch screen to capture votes are intentionally not connected to the internet. However, even this unconnected approach has security risks that need to be addressed so that these devices and the data they hold aren't tampered with. The states and localities that administer elections are continually focused on the full spectrum of security risks, putting processes and systems in place in advance of election day to ensure that voting is safe and secure.

Diversity is a Strength

The diversity of voting machines being used across the country reduces threat impacts. If there is an issue with a piece of software, it won't impact the entire national voting system, just particular machines. While software vulnerabilities are still huge problems, standardizing on one type of machine nationwide would mean one software bug could wipe out all electoral results. Continue reading

How the Healthcare Industry Is Working to Become Immune to Ransomware

Posted on by

The first known ransomware attack occurred in 1989 and was targeted at the healthcare industry. The attention and attractiveness of healthcare organizations to ransomware hackers have not waned in the decades since. In fact, attacks are growing by 70-100 percent year over year. In 2023, there were over 460 ransomware attacks impacting U.S. health organizations, making it the most targeted industry.

This year, a major attack delayed prescription fillings and led to cash flow issues at facilities across the country. The American Healthcare Association said that 94% of hospitals have reported financial impact from the incident, with some losing upward of $1 billion per day in revenues. Continue reading