Tribal governments receive first-ever cyber grants
Taryn Lewis/Getty Images
Having seen states and localities receive hundreds of millions of dollars already, the feds announced $18.2 million for 32 tribal nations.
Since the passage of the bipartisan infrastructure law in 2021, states have received hundreds of millions of dollars in grant funding for cybersecurity, out of a pot of $1 billion to be distributed over four years. Now, for the first time, tribal governments are getting a piece of that pie.
In a joint announcement last week, the Department of Homeland Security, the Federal Emergency Management Agency and the Cybersecurity and Infrastructure Security Agency said they awarded $18.2 million under the Tribal Cybersecurity Grant Program to 32 tribal nations. It is the largest number of awards the federal government has provided under a single grant program to tribal governments, according to DHS.
“With these first-ever tribal cybersecurity grants, we are not just addressing immediate needs, but also reinforcing the infrastructure that supports the sovereignty and resilience of tribal nations,” FEMA Administrator Deanne Criswell said in a statement. “This funding, benefitting the largest number of tribal recipients to build cybersecurity resilience in FEMA’s history, is a testament to our dedication to a safer, more secure future for all communities.”
All grant recipients will be required to take part in two free CISA services: a nationwide cybersecurity review and cyber hygiene vulnerability scanning. The former service is an anonymous yearly self-assessment designed to measure a recipient’s cybersecurity programs’ gaps and capabilities. The latter evaluates a tribe’s external network presence through continuous scanning for vulnerabilities.
The grants come as tribes are facing a growing number of cyber threats that are also increasing in complexity.
Last month, for example, the Mashpee Wampanoag Tribe of Massachusetts disclosed that its servers had been crippled by an April cyberattack. The hackers demanded a ransom of $500,000 to unlock the tribal government’s systems, but the Mashpee Wampanoag declined to pay and instead declared a state of emergency so they could hire consultants to support the IT director.
Separately, in 2021, the Three Affiliated Tribes—the Mandan, Hidatsa & Arikara Nation—disclosed that its server was hacked, with the tribe locked out of emails, files and other information.
As with state and local governments that have been attacked, recovery is a slow process. Tribal officials with Mashpee Wampanoag estimate it could take months to fully restore every IT function. But on the bright side, cyberattacks can result in technological advances.
In 2019, the Eastern Band of Cherokee Indians was the victim of a ransomware attack that shut down its network. A former employee was eventually charged and found guilty of tampering with public records and obstructing government functions. In the years since, though, the North Carolina-based tribe moved all their IT infrastructure to the cloud, which has improved its 911 dispatch system and financial record-keeping for casino disbursements.
As with state and local governments, phishing emails are among the most frequent exploitations. And just like many states and localities, tribal nations have lacked the money to deal with the threats they face. DHS officials said the grant program should help start to address that gap and that more funding will be available later this year.
“For far too long, tribal nations have faced digital and cybersecurity threats without the resources necessary to build resilience,” Secretary of Homeland Security Alejandro Mayorkas said in a statement.
NEXT STORY: Calls for cyber framework harmonization ramp up