The White House has recently announced a $1 billion cyber security grant program that is designed to help state and local governments improve their cyber defenses, especially about protecting critical infrastructure. The recent executive order stems from the $1.2 trillion infrastructure bill that was signed almost a year ago. That bill allocated $1 billion for protecting critical infrastructure against cyber-attackin the wake of a series of high-profile ransomware attacks such as the one that brought down the Colonial Pipeline.
Those government agencies who wish to take advantage of these funding opportunities must submit a grant proposal by mid-November. Proposals are only being accepted for the sixty days following the program’s announcement.
Grant recipients can use the funding to invest in new cybersecurity initiatives or to make improvements to existing defenses. Awardees are guaranteed to receive a minimum of $2 million. However, the program’s requirements stipulate that 80% of the funding must be invested in local or rural communities. Additionally, recipients are required to distribute at least 3% of funds received to tribal governments.
Although companies in the private sector are not eligible for these grants, the private sector will likely see an indirect benefit. The fact that governments are placing an increased focus on cyber security will surely help IT security teams because of the attention that it will bring to the seriousness of addressing cyber security threats.
This national attention, in turn, should make it easier for IT security teams to get their budgets approved.
Securing your own IT security budgets for 2023
Getting funding for IT initiatives can be tricky in even the best of circumstances. The current economic recession would ordinarily make it all but impossible for IT security teams to get funding for new security initiatives, barring some sort of disaster. However, the emphasis that the federal government is currently placing on cyber security may give IT pros the opportunity they need to have a frank discussion about security within their organization, which may ultimately lead to getting security projects funded.
Here are six basic steps IT pros can use to improve their odds of receiving the funding that they need:
Step One: Outline the problem
The first step involves demonstrating to higher-ups that your project is intended to protect against a credible threat. Recent headlines can help to provide the evidence that you need and gives you the chance to make the case that if the government is taking cybersecurity threats seriously, then your organization should too. Besides, if the government is stepping up its cyber defenses, then attackers may be inclined to move on to softer targets, such as businesses that are still relying on legacy security tools.
Step Two: Prove your point
This leads to the second step outlined in the article, which is to use data to your advantage. This might mean citing recent cybercrime statistics or using the available security tools to gather statistics from your own organization, highlighting the problem that you are trying to solve.
Step Three: Present a solution
Next, you’ll want to highlight what your proposed solution would do. It’s one thing to demonstrate that a security problem is real, but you also need to be prepared to explain how your intended solution will fix the problem.
Step Four: Set the date
Step 4 is all about creating an implementation schedule. Those who are tasked with managing an organization’s finances are almost always concerned about return on investment. In other words, how long is it going to take for a newly acquired product to provide enough of a benefit to offset its cost. You need to demonstrate that your proposed solution’s cost is justified and that it will be implemented and provide a return on investment in a reasonable amount of time. This also keeps your entire stakeholder team accountable to the agreed-upon timeframe.
Step Five: Show them the money
In this approval process, you’ll need to demonstrate estimated savings for the company. Yes, your new security tool might protect an organization from catastrophic financial loss due to a ransomware attack or a regulatory violation, but it’s important to show savings in other ways too. For example, will adopting a new tool reduce the number of overtime hours that the IT department works?
Step Six: Bring the research
Finally, you’ll want to show that you have looked at competing solutions and prepared a price comparison. It’s okay if your proposed solution is not the cheapest option. Just make sure that you can rationalize why you are not recommending the least expensive option.
Prove the need for IT Security Budget with data
Of course, before you can even begin seeking funding for an enhanced cybersecurity defense, you need to show how your organization could potentially be at risk for a cyber-attack. Since many such attacks target the Active Directory, you might begin your data-gathering efforts by using Specops Password Auditor to scan your Active Directory for password vulnerabilities.
This free, read-only tool can help you detect passwords that do not adhere to your password policy or to, compliance requirements or industry best practices. More importantly, you can find out which users are using passwords that are known to have been leaked from a database of over 875 million, making those accounts vulnerable because their passwords are available for purchase on the dark Web.
Specops Password Auditor is just one of the countless free security tools that are available online, but it is a great place to start because it does a good job of detecting real security vulnerabilities that exist right now within your own organization.