Doubling Down on Cyber: 2018 UASI Funding Requirement Changes

The Fiscal Year (FY) 2018 Homeland Security Grant Program notice of funding opportunity (NOFO), released on May 21, 2018, announced $580,000,000 in available Urban Areas Security Initiative (UASI) grant funds. The NOFO also announced two significant changes in requirements for UASI-funded cybersecurity projects, both of which highlight the growing importance of cybersecurity in the context of homeland and urban area security.

The New Requirements

The first major change since FY 2017 is a requirement that applicants must include at least one cybersecurity project in their investment justification when applying for UASI grants. Like all other proposed UASI-funded projects, the cybersecurity investments must support (1) the security and functioning of critical infrastructure and (2) core preparedness capabilities relating to terrorism. However, the investments can simultaneously support preparedness for hazards unrelated to terrorism.

The second significant change is a requirement to involve cyber officials in grant disbursement. Per the FY 2018 NOFO, recipients of UASI grants must include Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) in their Senior Advisory Committees and Urban Area Working Groups. These groups decide where homeland security funding is allocated on the state and local levels, so the inclusion of officials with cybersecurity expertise should give cybersecurity projects a more significant role in anti-terrorism security and preparedness planning.

Our Perspective

Cybersecurity has been a suggested focus for UASI-funded projects for several years, however the requirement changes in the FY 2018 NOFO mark a significant policy shift, reinforcing cybersecurity measures as part of national preparedness planning.

We understand these changes are representative of the priorities of the Secretary of Homeland Security, Kirstjen Nielsen, who is reported to bring her “focus on cybersecurity” to the Department of Homeland Security (DHS). The alignment of DHS-sponsored funding initiatives to those same priorities is a natural progression of events. Beyond reaffirming the current vision and values of the funding agency, these changes represent a shift in national doctrine. We at Hagerty agree with this shift and have developed an approach to cybersecurity program management that aligns to the concept of inclusive planning and coordination.

Hagerty’s Cyber Nexus Approach

The Cyber Nexus Approach focuses on bringing all cybersecurity stakeholders together and establishing clear roles and responsibilities. The desired outcome is for the right stakeholders to provide the right information at the right time before, during, and after an incident. We are excited to see that DHS executive leadership shares our perspective. We look forward to witnessing the collective implementation of the Cyber Nexus Approach by requiring that key public safety, law enforcement, and cybersecurity professionals within UASI regions coordinate on national preparedness planning.

Kayla Slater is a Preparedness Associate with Hagerty and doubles as the company’s internal resilience lead. Kayla helps clients to develop innovative and customized plans and operational tools to support long-term recovery and redevelopment. Currently located in Washington, D.C., Kayla is a graduate of Georgetown University’s Emergency and Disaster Management Program.