Aaron Saks, Director of Product Training at Hanwha Vision America makes the case for compliance with built-in cybersecurity.

Reducing cybersecurity risks

Cybersecurity is on everyone’s minds – whether it’s protecting our personal identities online, safeguarding confidential business communications or complying with government regulations.

The increased pressures on international supply chains in recent years has also heightened public awareness of the security and surveillance manufacturing process.

Every aspect of a company’s design and build approach, as well as the components they use, is under intense scrutiny.

When you add in the requirements for NDAA, TAA or GSA compliance, the stakes are raised even higher.

To reduce cybersecurity risks to the US, Section 889 of the 2019 National Defense Authorization Act (NDAA) prohibits the procurement of non-NDAA compliant security products by any government agency or recipient of federal grants.

As part of a broader State and Local Cybersecurity Grant Program (SLCGP), the Federal Emergency Management Agency (FEMA) has now allocated over $370 million in cybersecurity funding to aid and accelerate the replacement of these devices with NDAA-compliant products. This “rip-and-replace” program is part of a larger $1 billion FEMA cybersecurity initiative.

The SLCGP guide

Is my business eligible for SLCGP funds?

SLCGP grants are available to state, local and territorial (SLT) governments and agencies, including schools and municipalities, in all 50 US states and territories.

Businesses that are sub-recipients of an SLT government receiving SLCGP funding are also eligible for the program.

How much of our project will the SLCGP grant cover?

FEMA grants will fund 80% of the cost of approved rip-and-replace projects, while recipient organizations (or other grants) must fund the remaining 20%.

Can I use SLCGP funding to purchase cybersecurity equipment and software?

Yes. Organizations can use SLCGP funding to purchase cybersecurity equipment and software as long as the equipment and software are directly related to implementing a comprehensive cybersecurity plan.

What types of activities are funded by the SLCGP?

The SLCGP grants are not intended solely for replacing security cameras and software.

FEMA is more likely to accept applications that include holistic approaches, such as developing cybersecurity plans, implementing controls, performing risk assessments and cybersecurity training.

Covered cybersecurity activities include:

• Purchasing tools and technologies
• Developing and implementing plans
• Implementing controls and best practices
• Providing training to employees
• Conducting risk assessments and audits
• Responding to and recovering from incidents

How do companies apply for the SLCGP?

Applying for an SLCGP award is a multi-step process that can take one month or more.

Submit your initial SLCGP application through the grants.gov portal at www.grants.gov.

FEMA will invite eligible applicants within one to two business days to access the Non-Disaster (ND) Grants System to proceed with a full application.

Support is available on the Grants.gov hotline at (800) 518-4726, which is available 24/7 except for federal holidays.

Technical support for the ND Grants System is available at [email protected] or (800) 865-4076.

What should an SLCGP application include?

Grant-seeking organizations must submit a detailed Cybersecurity Plan to FEMA with their application to qualify.

This plan should outline how they will use SLCGP funds to:

• Rip-and-replace non-NDAA-compliant security cameras and software
• Manage, monitor and track information systems and network traffic
• Enhance the preparation, response and resiliency of information systems
• Implement continuous assessments and threat mitigation practices

FEMA also requires plans to establish a Cybersecurity Planning Committee to oversee the plan and outline the committee’s roles and responsibilities in a Cybersecurity Charter.

Lastly, applications must include a timeline, success metrics and resource needs.

Are there any other FEMA grant programs?

The SLCGP is one of several FEMA preparedness grants developed to help mitigate terrorism and other high-consequence disasters and emergencies.

Below are some of the other FEMA grants that have been established:

Non-profit Security Grant Program: This grant program was established to provide support for physical security upgrades to non-profit organizations that are susceptible to terrorist attacks.

The goal of the program is to help integrate state and local preparedness efforts with non-profit planning.

Transit Security Grant Program: This grant program provides funding to intra-city buses, ferries, trains and other eligible public transportation systems to protect the public against acts of terrorism and other emergencies.

Homeland Security Grant Program: This program includes a suite of grants to assist state, local, tribal and territorial efforts in mitigating, responding to and recovering from acts of terrorism and other threats to homeland security.

The right approach, the right partner

The global business landscape is complex and requires a comprehensive understanding of trade deals, tariffs, taxes, import/export regulations and more.

Security is on everyone’s minds – whether it’s protecting our personal identities online, safeguarding confidential business communications or complying with regulations governing manufacturing partnerships.

For a company’s partners and customers, these regulations can affect international supply chains, GSA contracts and even currently deployed technologies, especially if the customer is a US government-related agency.

In a landscape of evolving threats

Programs like the SLCGP are effective and valuable resources for state and local governments seeking to enhance their cybersecurity resilience and protect critical assets and information from the constantly present threat of cyber-threats.

By following the steps outlined in the guide, governments can leverage federal funding and expertise to build robust cybersecurity programs that safeguard the public trust and ensure the continuity of essential services in an increasingly digital world.

The global business landscape is complex, especially as organizations and operations grow increasingly connected.

We are all spending more time online as the workday now consists of video calls with colleagues, customers and partners all around the world.

This increase in network activity and content sharing can make companies attractive targets for cyber-criminals.

No longer an option, built-in cybersecurity is an essential requirement for ensuring the highest levels of security in video surveillance devices.

This article was originally published in the September edition of Security Journal Americas. To read your FREE digital edition, click here.