Tribal communities are currently awaiting $18.2 million in federal cybersecurity grants, which the federal agency says could be awarded this spring.
Michael Day, executive director of TribalHub and chairman of Tribal-ISAC, said the Tribal Cybersecurity Grant Program awards are designed to recognize the critical infrastructure and industries operated by tribes, as well as the rest of the country. The aim is to strengthen security, he said. However, he noted that the difficulty of applying for these grants may have deterred some potential participants.
Applications for the first round of grants were scheduled for January. Federal officials have been tight-lipped about the status of the program, with the Cybersecurity and Infrastructure Security Agency (CISA) not saying how many tribes have applied or whose plans have been approved, which are prerequisites for receiving funding. was not disclosed. Currently, the exact grant allocation is still being finalized and CISA expects to award grants in the spring.
As of April 1, the Federal Emergency Management Agency (FEMA) said it had not yet distributed the grant money. But FEMA declined to provide details, but Day said the agency told him the number of tribes participating was higher than expected.
Still, some eligible tribes lacked the resources to apply, Day said. Additionally, some tribes felt that available funds were too small to warrant the task of applying for and administering grants.
The $18.2 million set aside for the grant program will be distributed among the 574 federally recognized tribal governments based on tribal population tiers, with $8 million to be distributed to up to eight tribes. , $2 million would be distributed to the smallest 392 tribes. example.
Day said he encouraged tribes to seek grants, telling them they would likely receive larger grants than expected because other tribes did not apply.
Tribes could band together as a “tribal consortium” and file one joint application, Day said, but practical considerations make that idea impractical, Day said. That's because the various political groups and IT teams across the participating tribes must all come together to negotiate and reach an agreement, and they must do so within a limited amount of time before the application deadline.
Of the hundreds of federally recognized tribes, only a handful have CISOs, Day said, and others may rely on network administrators to handle their cyber needs. It is said that there is. As a result, how tribes intend to use their grant funds varies widely. Less mature companies may consider purchasing basic tools such as firewalls and third-party penetration testing, for example.
However, despite the differences, some common challenges have emerged. Day said many tribes play important roles in government and the health care sector, as well as own businesses in sectors such as gaming, hospitality and manufacturing. Tribes can often benefit from network connectivity and shared back-end systems across these industries, such as both healthcare and government connecting to shared human resources and accounting systems. However, these connections must be carefully protected from cyber risks.
Tribes are working to strengthen their cybersecurity, but they often struggle to recruit top cyber talent. The pain of cyberworkers is being felt across the public sector, but can be especially acute in tribes, where pay is limited and in very rural locations, Day said.
And many tribes are wary of relying on remote cyberworkers to bridge disparities.
“Most tribes, like many organizations, are still confused about remote work,” Day said. “One of the challenges here is that real trust relationships are important.Cyber requires a very close relationship with the organization to function effectively as a team.”
Day hopes tribes will consider dedicating some of the grant money to Tribal-ISAC membership. This could help the organization expand its offering, including providing example applications for future grant cycles. Tribal-ISAC also aims to bridge the gap between tribes that are wary of sharing information with his ISAC related to U.S. industry and state and federal governments, given a history of broken trust. .
The next round of grants is approaching, and FEMA plans to post notices of funding opportunities by the end of fiscal year 2024.
