SLCGP Bulletin - October 2024

October 15, 2024

Approved Year 3 SLCGP Projects:

On 9 OCT 2024, the SLCGP Planning Committee met and approved our new Statewide SLCGP Plan, and on 10 OCT 2024 we received confirmation from FEMA that the plan was approved. We are working with the DOS Grants Management Team to finalize all artifacts required by FEMA for the Year 3 Application. When approved, we expect funds will be released to the State and entered into the G&C/Fiscal Accept and Expend processes in March of 2025. Here are the details about Year 3 of the SLCGP:

First, the available funding:

We requested the maximum amount of funding from FEMA to implement the Cybersecurity Plan for FFY2024:

  • NH Allocation from NOFO:  $3,808,572.00
  • Match Requirement:  $1,632,246.00
  • TOTAL AMOUNT: $5,440,810.00
  • Deducting 5% “Management and Administration” (M&A):  $5,168,777.00 for projects

The match requirement is authorized in State of New Hampshire Operating funds for the grant year covered in this plan.  “M&A” = Management and Administration that goes to the Department of Safety Grants Management Office.  Believe me, the Grants Management Team earns all of this and more!

Second, here are the approved projects and respective funding levels for grant year three:

  • FFY2024-1: NH Statewide Cybersecurity Plan Program Management, Reporting, and Metrics Analysis. ($300K) Additional planning by the Cybersecurity Planning Committee to refine the Cybersecurity Plan Submission for subsequent FYs, as well as analysis and reporting of program metrics. The Program Manager also facilitates intake of requests and enrollment of local entities for services.
  • FFY2024-2: Managed Detection and Response Implementation for NH Public K12/SAU High Value Targets. ($3.6M) Implement Endpoint and Server Managed Detection and Response for High Value Targets (HVT) in 100% of NH School Administrative Units (Public K12s). Leverage the NH Statewide Contract for CROWDSTRIKE Falcon Complete.
  • FFY2024-3: Cybersecurity Improvements to (Public) Community Drinking Water and Wastewater Systems. (~$1.3M) Modernize/Harden (or perform initial fielding and installation of) hardware, tools, and connectivity between the Water System Operator’s Interface Device and the SCADA control unit of the Community Drinking Water and/or Wastewater Systems (Public-Sector Owned or Operated Systems). Continue an ongoing effort. The NH CISA Cybersecurity Advisor is already embedded in this project performing assessments.

Why these Projects?

For Context – With years 1 and 2 funding in execution, we will finish the MFA Token project (Orders/requests are filled), have funding to offer individual training/certification for the next four years, fund the Municipal Cyber Defense Program (MCDP) for four years and implement the lion’s share of municipal/K12 transition to a .GOV domain for those who requested the service!  Really great OUTCOMES.  As evidenced by our discussions at the annual National Association of State Chief Information Officers (NASCIO), other states are in awe of the NH Programs and Outcomes created from this Grant Program.

The NOFO states, “Prioritizing projects that address cybersecurity for critical infrastructure. SLT entities are strongly encouraged to include projects related to K-12 education, water/wastewaters, healthcare, energy, defense, and elections infrastructure.”

Project FFY2024-1:  The need for Staff Augmentation for Program management and execution, not only for this grant year but also to continue execution of previous years’ projects, is self-evident.

Project FFY2024-2:  SAUs and K12s across New Hampshire are CONTINUOUSLY targeted by malicious actors with RANSOMWARE attacks, and when they are hit, let’s just say they are “burned to the ground” in many cases. Most, if not all, SAUs do not have the budget for modern endpoint protection in the form of a Managed Detection and Response service. The intent is to leverage the Statewide Contract, on which we partnered with the University System of New Hampshire via Administrative Services, to purchase 3 years of CROWDSTRIKE Falcon Complete for every public K12 SAU as documented on the NH Department of Education website. Working with members of the NH K12 CTO association, we estimate this project requires: (1) an average of 50 Endpoints per SAU, (2) an average of 20 “Servers/Domain Controllers” per SAU, (3) Managed Service Support and a Control Console for each SAU. The SAU CTOs will be responsible for working with the CROWDSTRIKE Falcon Complete team individually for implementation. Escalation of events will run from the CS Falcon Complete team to the SAU CTO to the SAU Administrator, who makes a PRIMEX Claim if needed and then engages the Contracted First Responder for mitigation and recovery. SAUs would have to “OPT IN” and would be expected over the next three years to budget ~$12K for continuation/renewal of the same level of service. Significantly cheaper than a RANSOMWARE event!

Project FFY2024-3:  If there is a critical infrastructure sector in NH that is in BAD shape, it is the Water Sector. Dozens of publicly owned/operated Drinking Water and Wastewater systems have already been assessed for cybersecurity status, and they are in bad shape. DoIT has partnered with the Department of Environmental Services to begin a program to provide “Water Cybersecurity in a Box”, and this contract for services with the OVERWATCH Foundation is in execution. These funds would be additive to the DES funding stream to implement this program across as many of the Public Sector Drinking Water and Wastewater Systems as possible. This really is an “Emergency” action. Many of these systems don’t even have a firewall between the SCADA Control Box and the Water System Operator’s personal iPhone that he/she uses to control the facility.

In Conclusion:  Approval of this plan, these projects, and funding will create REAL outcomes in every corner of the State and solve REAL problems that we experience every week in New Hampshire.  This is a lot of “Bang for the Buck” for ~$5M.