Funding Security at the Local Level

The State and Local Cybersecurity Grant Program (SLCGP) was launched as part of the 2021 infrastructure law to help states and localities bolster their cybersecurity defenses. State and local agencies hold incredibly sensitive data yet historically lack the budget and staff to implement modern security tools and approaches, making them a target for threat actors. The SLCGP was designed to bridge this gap, allowing states to bolster their cyber infrastructure. Funding for this program is set to expire in September 2025, leaving states worried about how they will continue to maintain and enhance their cybersecurity postures.

What is the SLCGP?

The Cyber Grant Program is jointly administered by the DHS's Federal Emergency Management Agency and the Cybersecurity and Infrastructure Security Agency. It requires states to funnel 80% of the funding to local governments, which are often the shortest on IT staff and funding, to ensure the equitable distribution of funding across organizations. Continue reading

Event Spotlight: Gartner Security & Risk Management Summit

The 2025 Gartner Security & Risk Management Summit invites attendees to "Engage. Innovate. Lead." The event draws on the expertise of Gartner analysts to address the challenges of increasingly complex cyber environments, providing insights on cybersecurity strategy and innovation, leadership, business engagement, metrics, risk management, cloud security, data security, AI, and more.

Access to Gartner analysts is a major feature of the summit. In addition to presenting research and insights in sessions, analysts are available to meet with attendees throughout the event.

This year's summit is being held June 9-11 in National Harbor, MD, just outside of Washington, DC. Gartner has seen tremendous growth in interest over the years, and this year's gathering is expected to be the biggest yet, with around 5,400 attendees. This growth can be attributed to the increased use of artificial intelligence (AI). AI use introduces new efficiencies to organizations but also opens up new opportunities for threat actors to infiltrate and impact those groups. Additionally, regulations around AI use are just being developed, leaving many chief information security officers (CISOs) unsure of how best to implement and secure AI, as well as how to communicate the associated risks to senior stakeholders. Continue reading

Three Approaches to Identity Management

Identity management is the way organizations control access to resources to ensure that the right individuals have access to the right resources at the right time, and it is a key pillar of zero trust architecture. In a zero trust system, a user has to validate and verify their identity continually as they access data and systems. But to function well, this process has to be seamless for the end user. Traditional security measures dependent on passwords cannot scale to meet the needs of zero trust--imagine how time-consuming and frustrating it would be to continually enter a password every time you move to a new application or data set. Fortunately, there are several approaches organizations can use to achieve high levels of both security and useability.

FIDO

Fast identity online (FIDO) is an authentication standard designed to improve security and convenience in identity management by eliminating reliance on traditional passwords. Strong authentication is achieved by using biometrics (such as fingerprints or facial recognition), security keys, or PINs stored on a local device. Continue reading

Blockchain on Your Block

Beyond its use for cryptocurrency, Blockchain is proving to be a valuable technology to help modernize government service delivery. The key quality of blockchain is its ability to record transactions immutably. Managing transactions is a key function of state and local governments, and as such, they are looking for ways to incorporate blockchain as part of their digital modernization processes.

The decentralization of blockchain provides a level of transparency and accountability not typically associated with government. It can give citizens more control over their data and let them more easily check the status of requests they've made of their state and local governments. Continue reading

Next Gen Tech Needs Next Gen Acquisition

The speed at which technology evolves presents many challenges for the federal government, the first being the actual acquisition of solutions. Government procurement processes and policies have had to adjust and evolve to enable agencies to buy and implement the emerging technologies that support their mission.

Utilizing Existing Platforms

The Federal Risk and Authorization Management Program (FedRAMP) may be the largest and most visible example of this evolution, allowing agencies to securely acquire cloud solutions. The program is being used as a platform to ensure that other transformative technologies, like the cloud, can securely make their way into government systems. The Emerging Technology Prioritization Framework provides guidance on how cloud service providers can request their emerging tech-powered products be prioritized and then implemented. The initial focus will be on artificial intelligence (AI) solutions, focusing on chat interfaces, code generators and debugging tools, image generators, and associated application program interfaces. Continue reading