SLED Cyber Projects: Key trends and funding
SLED Cyber Projects: Key trends and funding
As gas prices skyrocketed in May, the Colonial Pipeline Cyberattack was just one of many stark reminders of the importance of Cybersecurity. Today the number of attacks on major systems continues to grow, and with that, we’re seeing a vast increase in Cybersecurity projects in the SLED Tech Market. At CJIS GROUP, we monitor these changes across the market. Here we review some of the important trends, funding sources, and opportunities that are important to note.
Why is Cybersecurity a Major Trend in SLED?
In the past year or so, there have been several major hacks and breaches that have increased the focus on Cybersecurity, such as SolarWinds, Colonial Pipeline, and Kaseya. These attacks have taught SLED agencies that they need to upgrade their systems and expand their cybersecurity capabilities. Not only are they pushing for better security for their systems, but also quicker response times once a threat is identified.
Current Cybersecurity Funds and Solicitations
As SLED agencies identify the need for more advanced Cybersecurity, we now see a significant increase in the number of Cybersecurity solicitations with a particular focus on Vulnerability Assessments and Managed IT Security Services. In looking at trends from Q1 to Q2, we’ve seen an over 20% increase in the total number of solicitations posted, with California, Texas, and New York accounting for a majority of those solicitations.
In California, we spoke to a State level Chief Information Security Officer (CISO) about an Endpoint Protection Platform initiative, where they are working towards statewide solutions for agencies to alleviate most of the cyberattack tactics perpetrated by cybercriminals. The CISO encourages state-level departments to evaluate the latest and best-of-breed capabilities as appropriate.
How are these purchases getting funded? One way is that the Federal government is releasing several specialized grants to help agencies fund these efforts. An example is the Protecting Resources On The Electric grid with Cybersecurity Technology Act of 2021 which provides grants and technical assistance to eligible entities to protect against, detect, respond to, and recover from cybersecurity threats. The major focus of this grant is on rural electric utilities, and utilities owned by the political subdivision of a state. This grant is in direct response to the Colonial Pipeline attack highlighting the vulnerability of our utility infrastructure. In addition, many States are establishing dedicated funds for Cybersecurity efforts, such as the case with Texas. Their Department of Information Resources submitted a Prioritized Cybersecurity and Legacy Systems (PCLS) report requesting $898.6 million to address cybersecurity risks to legacy systems. This helped the State Legislature push forward a law that creates a Technology Improvement and Modernization Fund, effective September 1st this year, which covers 59 different projects across State agencies.
How to Talk about Cybersecurity with SLED Agencies?
Though there is funding and solicitations that are being released, many agencies won't discuss details regarding their pre-solicitation Cybersecurity projects or current vulnerabilities. They know the risk of disclosure of their current infrastructure or planned projects in the hands of bad actors.
Even in the case of Texas' PCLS report, only a very limited document was released to the public, while the full report to the Legislature was classified as confidential due to the inherent security risk it presented. When we talked to the Chief Information Officer for the Texas Department of Public Safety, they mentioned that providing information regarding upcoming Cybersecurity projects for the agency would be a fundamental security risk to their organization. This is a trend that we’ve seen in our various conversations with Network Administrators, IT Directors, and overall decision-makers when discussing Cybersecurity.
A great way to start a conversation with agencies about their Cybersecurity projects is by looking for Vulnerability and Needs Assessments. These projects provide a great starting point to ask about what SLED agencies will do once the assessment is complete. We recently spoke with a State Deputy Director of Elections regarding an in-house assessment of their Election Cybersecurity before the State election in November 2022. We were able to find out that based on the findings of their assessments they will address the issues appropriately and as needed. In looking at other cybersecurity assessments that we’ve tracked across the Country, these remediations generally include firewalls, threat protection, managed security services, and more.
Where is SLED Tech going with Cybersecurity?
We anticipate continued growth in solicitations regarding Cybersecurity. With the dedicated funding established in the American Rescue Plan Act and the recently passed Infrastructure Bill, these agencies now have the funds to move forward with those improvements. They’ll need the expertise of third-party vendors and their tried and tested solutions to monitor, detect, and prevent these debilitating attacks.
CJIS GROUP will continue to monitor these Cybersecurity trends in the SLED Tech Market and uncover insight into these agencies' needs. For further information regarding Pre-Solicitation Cybersecurity projects, including decision-maker contact information, budget information, and procurement timelines, please reach out to [email protected].
Client-Research Liaison | CJIS GROUP, LLC