**Please see below for a grant opportunity from the State of Oregon**
The Infrastructure Investment Jobs Act (H.R. 3684) Division G Title VI Subtitle B establishes the State and Local Cybersecurity Grant Program to award grants to eligible entities to address cybersecurity risks and cybersecurity threats to information systems owned or operated by, or on behalf of, State, local, or Tribal governments.
The state of Oregon is an eligible entity to receive and distribute funds under this grant program. This is a formula based, non-competitive, multi-year grant program (federal FY 22, 23, 24, 25) with a state match $ requirement. Eighty percent of the grant funds received are to be distributed to local governments (25% to rural areas based on census data). Enterprise Information Services is diligently working on preparations in anticipation of the notice of funding opportunity. Significant preparations include standing up a Planning Committee, developing a Cybersecurity Plan, and drafting a rubric for evaluating cybersecurity project proposals. Statewide collaboration and local government participation in this planning phase is essential in meeting grant program requirements. Please plan to make the following contributions.
- Make recommendations for whom you would like to represent the interests of your organization, jurisdiction or association on the Planning Committee. The Planning Committee shall be comprised of members from the state, counties, cities, towns, and institutions of public education and health. Membership shall include representation from rural, suburban, and high-population jurisdictions. At least half of the planning committee members shall have professional experience relating to cybersecurity or information technology as their role is to assist with the Cybersecurity Plan and assist with determining effective funding priorities. While all recommendations will be considered, recommendation does not ensure appointment.
- Identify the cybersecurity related projects you would likely submit for funding requests when the grant funding becomes available. In the interim, consider preparing a business case for the planned effort. While additional details may be needed based on the final evaluation rubric, most of the information needed for evaluation would generally be available in a business case.
- Identify the vulnerabilities of more urgent need, especially those that may be common to other local government organizations. This information will help in determining initial priorities for the Cybersecurity Plan.
While we are making our best efforts to prepare in advance of the notice of funding opportunity, anticipated in June, there is still unknown information, particularly regarding the state match $ component of the grant program. The Planning Committee may have a role in identifying and executing solutions for the match. We expect to know more as the committee is being formed.
Below is an optional template for providing the initially requested information. Responses by April 30, 2022 are greatly appreciated. We are waiting for additional program clarifications from the federal government. As we learn more, we may have additional information needs to share and request from you. In the meantime, if you have any questions or comments, please contact Gary Johnson at firstname.lastname@example.org or 971-701-1460.
To: Gary Johnson, State Chief Information Security Officer
Subject: Oregon State and Local Cybersecurity Grant Program Inquiry
1. Recommended Planning Committee Member ___________________________________
Note: Planning committee members may represent a single organization/jurisdiction, or may represent an association comprised of multiple member organizations/jurisdictions (e.g. AOC, LOC, SDAO, OAESD, OCCA, OSBA, COSA etc.). If appropriate, more than one member may be recommended (e.g. an executive, program or policy leader/representative; and/or representative with IT/Cyber Expertise).
2. Potential projects for submission (multiple projects may be listed)
Note: Please indicate whether the project will benefit a single organization or multiple organizations.
3. Vulnerabilities of more urgent need, highlighting any known commonalities with other local governments