The State of Cybersecurity Funding for State and Local Government


Congress recognizes a national cybersecurity crisis. SonicWall has a plan to help state and local governments with proposals and procurement.

With dozens of high-profile cybersecurity attacks still fresh in everyone’s mind, U.S. Senate negotiators are hard at work to show taxpayers they can deliver a solution. The recent $1.2 trillion infrastructure proposal passed by the U.S. House of Representatives authorizes $2 billion in new cybersecurity programs, including a $1 billion grant program for cybersecurity initiatives especially set aside for state and local government.

The initiative is entirely understandable given the range and scope of threats facing Americans today. The ransomware attack last May on Colonial Pipeline offered a chilling view of one possible future. Policy-makers are anxious to avoid repeating an episode that triggered regional gasoline shortages and panic-buying that lasted several days.

However, the cyberattacks on business threw the covers off greater dangers that nearly all levels of government now face. In the widely cited and quoted Mid-Year Update to the 2021 SonicWall Cyber Threat Report, government agencies and departments experienced three times more attacks in the first half of 2021 than in all of 2020. By June of this year, federal, state and local governments saw 10 times more ransomware activity than business.

Congress Jumps into Cybersecurity

Given the magnitude of enormous threats from hacker gangs and state-sponsored teams, the move certainly made a lot of sense. But politics being politics, the proposal still must get through the House, where it faces a long road to approval.

Speaker of the House Nancy Pelosi and many members of the House have declared that they will vote on the measure after the Senate passes an even more ambitious $3.5 trillion social policy bill this fall. The process will likely place the infrastructure bill and the cybersecurity initiative on hold for months.

Before the infrastructure bill’s passing, the White House budget proposal for 2022 outlined $58.4 billion for IT funding, including $9.8 billion specified for cybersecurity initiatives for civilian agencies.

While the National Defense Authorization Act (NDAA) Conference Committee has not finalized defense-related budgeting for 2022, it does pick up from last year’s budget, which established the office of the National Cyber Director. In addition, it allows up to $6 billion in discretionary funding, which, according to some capitol observers, could find its way into state and local government IT projects, especially if the infrastructure bill stalls in Congress.

The American Rescue Plan

While the discussion about infrastructure captures all the attention, state and local governments have already started tapping into other funding sources to help shore up their cybersecurity. In March 2021, the American Rescue Plan Act (ARPA) was signed into law. Designed as a means to bridge funding gaps for state, local and tribal governments hammered by the COVID pandemic, the law provides $350 billion in total funding.

It is important to keep in mind that these funds do not come with specific guidelines. State and local government applicants may use this kind of funding for just about anything they want. For example, funds can be invested in water, sewer or their IT security infrastructure.

According to an assessment on ARPA funding by the Brookings Institute, “funding for state and local governments appears to be incredibly flexible, and therefore even more supportive of innovative recovery solutions.”

These funds will be disbursed over the next three years, with many state, municipal and county agencies applying the funds to bridge budget gaps caused by revenue shortfalls during COVID-19. Meanwhile, the anecdotes are filtering in, emphasizing the nightmare scenarios of a security breach because of outdated firewalls and software.

Some funding will go to IT security. But, of course, the question will be how much is enough for the interim until bigger and deeper funding resources are made available.

SonicWall Has a Plan

SonicWall has a long history of working with federal, state, local governments and agencies. SonicWall understands the complexities of the network and how each user in a department may require specific user access. The SonicWall Boundless Cybersecurity model provides the performance and security that allows each agency the elasticity needed in today’s new normal.

SonicWall also bring solutions for hyper-distributed networks, where everyone is remote, mobile, and potentially unsecure, along with the traditional campus cybersecurity network needs.

In addition, the Boundless Cybersecurity model offers seamless protection against the most evasive and crippling cyberattacks like ransomware, IoT, encrypted threats and malware.

SonicWall works closely with all parties to help decipher the often-complicated procurement rules and sort out funding guidelines. We’re out there, in the field, assisting city, county and state agencies; we can share best practices when it comes to assessing the procurement process, right down to grant-writing.

In addition, SonicWall works closely with government procurement, and IT teams to determine their risk profile and build out a security solution for their current and future needs.

We’ve learned a lot throughout the years; below are some best practices and unique considerations:

  1. Recognize and address your increased cybersecurity risks from all aspects of your network. SonicWall can help you uncover hidden dangers with high-level analytics and reporting.
  2. Create and maintain robust data policies and procedures. Network management and policy management tools are built into SonicWall Network Security Manager. NSM gives IT teams the power to govern centrally, meet compliance rules and regulations, and manage risks as they emerge.
  3. Seek automated real-time breach detection and prevention. SonicWall offers automated TLS inspection, patented Real-Time Deep Memory Inspection (RTDMI), Reassembly-Free Deep Packet Inspection (RFDPI) and Capture ATP cloud-based multi-engine sandboxing. Alternatively, we also provide Capture Security Appliance (CSA) on-premises advanced threat detection and Cloud App Security for Office 365 and G Suite applications.
  4. Plan a layered approach to cybersecurity. For example, SonicWall solutions offer ‘end-to-end’ layers of protection, detection and inspection. Our portfolio provides firewalls, switches, secure mobile access, Wi-Fi, email security, cloud application security, endpoint security and control — all orchestrated within a consolidated Network Security Manager through a single pane of glass.
  5. Get everyone on board. The best cybersecurity implementation starts with total buy-in from everyone in the organization. Your network security is strengthened when everyone complies with security measures and recognizes that their security depends on their actions and behavior.
  6. Demand the correct certifications from your vendors. SonicWall meets S. federal governmental certification and interoperability requirements, e.g., NIST, FIPS 140-2, CSfC, Common Criteria, DoDIN APL, USGv6 and NSA CNSA Suite B.

Our goal is to help governments dive into the work of protecting public assets and communities with Boundless Cybersecurity. For more information, visit

SonicWall Staff