K-12 Cybersecurity Grants: Applying for the SLCGP

Strengthening cybersecurity in K-12 schools is more critical than ever. Unfortunately, many schools, especially those in underfunded districts, lack the necessary resources to secure their digital networked environments.

In fact, according to the May 2023 CoSN State of EdTech Leadership report, cybersecurity remains respondents’ top priority for the fifth year in a row. However, 66 percent of school districts do not have a full-time cybersecurity position.

This gap leaves them vulnerable to cyberattacks, which can disrupt learning, compromise sensitive data and drain limited resources. However, there is hope in the form of grant programs, like the State and Local Cybersecurity Grant Program (SLCGP).

Background: SLCGP

K-12 schools in the U.S. face an estimated annual shortfall of $150 billion. For underfunded schools, these costs represent a financial burden and make it even more difficult to prioritize cyber resilience amid the growing threat of a cyber attack.

To help address these challenges, the U.S. Department of Homeland Security has made $1 billion in funding available through the SLCGP over the next four years. This initiative aims to support state, local and territorial governments, including school districts, in mitigating cybersecurity risks and threats to their information systems.

Authorized under the federal Infrastructure and Jobs Act of 2021, the SLCGP's primary goal is to assist these groups in managing and reducing systemic cyber risks. This includes developing or revising cybersecurity plans, implementing these plans and addressing imminent cybersecurity threats.

Applying for the SLCGP

Applying for any grant program often presents significant challenges. The application process can be daunting, requiring detailed proposals, comprehensive cybersecurity plans and proof of need. This is especially true for underfunded school districts.

In fact, many schools lack the administrative support or expertise to navigate these sometimes complicated requirements successfully. Furthermore, the competitive nature of grant applications means that even well-prepared submissions are not guaranteed funding.

Key considerations when applying:

• Understand eligibility and requirements: Only states and territories can directly apply for these grants. However, at least 80% of a state's award must be sub-granted to local government agencies, including school districts. Schools should collaborate with their state's Cybersecurity Planning Committee to ensure their needs are included in the state's application.
• Prepare a cybersecurity plan: Schools must either develop a new cybersecurity plan or revise an existing one. This plan should be comprehensive, addressing all potential cybersecurity risks and outlining specific measures to mitigate these threats.
• Submit a complete application: The application must include the cybersecurity plan, proof of collaboration with the Cybersecurity Planning Committee and a detailed budget. Schools should ensure their applications are thorough, clearly demonstrating the need for cybersecurity improvements and how the grant funds will be utilized.

For example, in Wisconsin, the SLCGP is now open. There will be four cycles of funding made available with increasing cost share requirements of 0%, 20%, 30% and 40%, respectively. The deadline to apply for the first cycle of funding under the SLCGP is August 15, 2024.

Using SLCGP funds

Recent statistics from the Government Accountability Office's report are alarming: over 600,000 K-12 students were affected by ransomware attacks in 2021 alone. The average cybersecurity incident now costs organizations about $2 million. In some cases, the cost is even higher.

How SLCGP funds can help combat cyber attacks:

• Cybersecurity plans: Schools can use the funds to develop robust cybersecurity plans or enhance existing ones, ensuring they address all potential threats and vulnerabilities.
• Regular security audits: Regular audits help schools identify weaknesses and implement necessary improvements. Ideally, these should be conducted at least every six months.
• Training and awareness programs: Educating staff, students, and parents on cybersecurity best practices is crucial. Programs can focus on identifying phishing attempts, safe internet use, and reporting suspicious activities.
• Technology infrastructure: Funds can be allocated to upgrade outdated systems, install advanced security technologies, and implement solutions like multi-factor authentication (MFA) and managed detection and response (MDR).
• Incident response plans: Developing detailed incident response plans using processes like PICERL (Preparation, Identification, Containment, Eradication, Recovery and Lessons) ensures schools are prepared to handle any security breaches effectively.

Assessing your school’s cyber risk

A crucial step in preparing for the SLCGP application is understanding and documenting your school's current cybersecurity posture. These assessments are crucial for understanding the current state of your school's cybersecurity program and its grant needs to inform your proposal.

At UncommonX, we leverage the structured approach of the NIST Cybersecurity Framework to conduct these assessments, providing a clear framework for managing and mitigating cyber risks. In fact, the founder of UncommonX was a contributing author to the original framework.

Through this detailed assessment, UncommonX delivers a prioritized set of recommendations that focus on practical, but impactful improvements, helping schools to create effective grant proposals. This may include:

• Conducting security audits: A comprehensive security audits, providing an objective assessment of your school's cybersecurity strengths and weaknesses.
• Documenting plans for various scenarios: Best practices like the PICERL process to prepare for different types of security incidents.
• Reviewing communication protocols: So that all staff, parents, and students know how to report suspicious activities and are aware of potential phishing threats.
• Detailing system updates and backups: A strict schedule for system updates, backups and security patches to protect against vulnerabilities.

Additional opportunities for funding

SLCGP is not the only grant program available to school districts. In addition to the SLCGP, the Federal Communications Commission (FCC) has launched a new pilot program aimed at improving cybersecurity in schools. The Schools and Libraries Cybersecurity Pilot Program will provide up to $200 million to selected participants over a three-year term to purchase a wide variety of cybersecurity services and equipment. You can learn more about this pilot program here.

Need help with your grant proposal? We can help.

Navigating the complexities of grant applications can be overwhelming, but you don't have to do it alone. At UncommonX, we specialize in helping schools and other organizations secure funding for cybersecurity improvements.

Our expertise in developing comprehensive cybersecurity plans, conducting risk assessments and preparing detailed grant proposals can significantly increase your chances of securing the necessary funds.

Contact us today at hello@uncommonx.com to learn how we can support your school in strengthening its cyber resilience and securing the resources needed to protect your digital infrastructure.

By leveraging programs like the SLCGP and the new FCC pilot program, schools can take significant strides towards ensuring their cybersecurity, safeguarding sensitive data and creating a safe digital environment for students and staff.