Start / Daily Security Review / Cisa fema release 100m in cybersecurity grants to strengthen state local and tribal defenses

CISA & FEMA Release $100M in Cybersecurity Grants to Strengthen State, Local, and Tribal Defenses

44 min • 4 augusti 2025

The U.S. Department of Homeland Security, through CISA and FEMA, has announced over $100 million in new cybersecurity grant funding for Fiscal Year 2025 — a critical investment aimed at protecting America’s most vulnerable digital frontlines. The funding is split between the State and Local Cybersecurity Grant Program (SLCGP), allocating $91.7 million, and the Tribal Cybersecurity Grant Program (TCGP), providing $12.1 million.

In this episode, we explore how these funds will be used to bolster defenses for state, local, and tribal governments (SLTT) — key operators of public services and critical infrastructure that face mounting threats from ransomware, nation-state attacks, and insider risks.

We’ll break down:

The Objectives of the Grants: Governance and planning, cybersecurity workforce development, threat mitigation, and continuous assessment of cyber readiness.
Eligible Uses: From hiring qualified cybersecurity staff and acquiring new tools like EDR platforms and VPNs to launching training and awareness programs, conducting tabletop exercises, and even migrating to the .gov domain.
Unique Challenges for SLTT Entities: Limited resources, legacy systems, and the difficulty of balancing 24/7 operations with patching and security updates.
The Tribal Cybersecurity Grant Program: Direct funding for federally recognized tribes, requiring approved cybersecurity planning committees and participation in CISA’s Cyber Hygiene Services.
CISA’s Internal Strains: Ongoing staffing losses within the Joint Cyber Defense Collaborative (JCDC) may affect the agency’s ability to fully support grant recipients.
Best Practices from the Cybersecurity Guidebook for Local Government 2.0: Including the “Necessary Nine” checklist — from offline backups and MFA to patch management and clear incident response plans.

With $1 billion allocated through the Bipartisan Infrastructure Law over four years, this latest round of funding marks a major step in the U.S. government’s strategy to reduce cyber risk and build long-term resilience. But questions remain: Will SLTT governments move fast enough to implement these measures? And can CISA maintain the capacity to oversee and support these initiatives effectively?

#CISA #FEMA #CybersecurityGrants #SLCGP #TCGP #StateCybersecurity #TribalCybersecurity #RansomwareDefense #CriticalInfrastructure #CyberResilience #ZeroTrust #CyberHygiene #CybersecurityWorkforce #DHS #CISAGrants

Senaste avsnitt

Cloud Computing Heist: $3.5 Million Fraud Leads to Prison for Fake Crypto Influencer

19 augusti | 48 min

Embassy Espionage: Kimsuky and Suspected Chinese Partners Deploy XenoRAT in Seoul

19 augusti | 65 min

GSMA Confirms Flaws: Researchers Unveil Dangerous 5G Sniffing and Injection Attack

19 augusti | 51 min

SAP NetWeaver Under Siege: New Exploit Chains Threaten Global Enterprises

19 augusti | 45 min

Ransomware Gangs Deploy Kernel-Level EDR Killers to Evade Detection

19 augusti | 35 min

CISA & FEMA Release $100M in Cybersecurity Grants to Strengthen State, Local, and Tribal Defenses

Senaste avsnitt

Cloud Computing Heist: $3.5 Million Fraud Leads to Prison for Fake Crypto Influencer

Embassy Espionage: Kimsuky and Suspected Chinese Partners Deploy XenoRAT in Seoul

GSMA Confirms Flaws: Researchers Unveil Dangerous 5G Sniffing and Injection Attack

SAP NetWeaver Under Siege: New Exploit Chains Threaten Global Enterprises

Ransomware Gangs Deploy Kernel-Level EDR Killers to Evade Detection

Chinese APTs Target Taiwan: UAT-7237’s SoundBill Loader and Gelsemium’s FireWood Backdoor

Colt Cyberattack: Multi-Day Outages After WarLock Ransomware Exploited SharePoint Zero-Day

Workday Breach Tied to Third-Party CRM Hack in ShinyHunters Campaign

DOJ Brings Down Zeppelin Ransomware Operator, Seizes Millions in Crypto

U.S. Sanctions Grinex, the Russian Crypto Exchange Born from Garantex’s Ashes

Canadian House of Commons Breach Tied to Microsoft SharePoint Zero-Day

Norwegian Authorities Blame Pro-Russian Hackers for Critical Infrastructure Breach

MadeYouReset: New HTTP/2 Flaw Could Unleash Massive DDoS Storms

Cybersecurity Budgets Hit Historic Slowdown as Global Tensions Mount

CVE-2025-53786: The Microsoft Exchange Hybrid Flaw That Could Take Down Your Domain

Allianz Life Breach: 2.8 Million Records Leaked in Salesforce Hack

Charon Ransomware Targets Middle East Government and Aviation Sectors

August 2025 Patch Tuesday: Microsoft and Adobe Fix Over 170 Security Flaws

RansomHub Hits Michigan’s Manpower — Data Breach Exposes 140,000 Individuals

Security Firms Warn GPT-5 Is Wide Open to Jailbreaks and Prompt Attacks

Germany’s Top Court Limits Police Spyware to Serious Crimes Only

BadCam: Lenovo Webcam Flaw Turns Everyday Cameras into Remote BadUSB Attack Tools

Free Wi-Fi Loophole Lets Hackers Breach Smart Bus Control Systems

ReVault: Critical Dell Firmware Flaws Allow Windows Login Bypass and Persistent Implants

Air France–KLM Data Breach Exposes Customer Info via Compromised Third-Party Platform

Critical Flaws in CyberArk Conjur and HashiCorp Vault Put Enterprise Secrets at Risk

Prompt Injection Nightmare: Critical AI Vulnerabilities in ChatGPT, Copilot, Gemini & More

From Google to LVMH: ShinyHunters’ Salesforce Breaches Spark Global Ransom Crisis

Cisco Hit by Vishing Attack: CRM Breach Exposes Millions of User Profiles

Ox Security Unveils Agent Ox: AI Tool That Writes Tailored Fixes for Software Vulnerabilities

Meta Deletes 6.8 Million Scam Accounts as AI-Powered Fraud Rings Exploit WhatsApp

Meta Found Liable: Jury Rules Against Tech Giant in Flo Health Privacy Case

TSMC Insider Threat: Six Arrested in Taiwan Over 2nm Chip Trade Secrets

Approov Secures £5M to Fortify Mobile App and API Security Against AI-Driven Threats

Pwn2Own Ireland 2025: $1M WhatsApp Exploit Bounty Raises the Stakes

Nvidia Triton Inference Server Vulnerabilities Expose AI Infrastructure to Attack

CISA & FEMA Release $100M in Cybersecurity Grants to Strengthen State, Local, and Tribal Defenses

AI Jailbreaks on the Rise: How Hackers Are Extracting Training Data from LLMs

350,000 Patient Records Exposed: Inside the Northwest Radiologists Data Breach

Critical Honeywell Experion PKS Vulnerabilities Threaten Global Industrial Control Systems

Auto-Color Linux Malware Exploits SAP Zero-Day CVE-2025-31324

Inside the July 2025 PyPI Phishing Scam: How Hackers Stole Developer Credentials

IoT Security Crisis: Dahua Smart Camera Vulnerabilities Expose Surveillance Systems

Dropzone AI Secures $37M to Tackle Alert Fatigue with Autonomous SOC Analysts

Axonius Buys Cynerio for $100M+: Closing Healthcare’s Biggest Cybersecurity Blind Spot

Critical Lenovo Firmware Flaws Expose Millions to Persistent UEFI Attacks

Promptfoo Secures $18.4M to Combat AI Security Threats in Generative AI

1.1 Million Private Messages Leaked: Inside the Tea App Privacy Disaster

Job Scams, Corporate Espionage, and Digital Deception: Inside the Deepfake Crisis

Microsoft Exposes Major macOS Flaws in Transparency, Consent, and Control

Aeroflot in Chaos: How Hackers Crippled Russia’s Flagship Airline

Neferpitou Claims Cyberattack on French Naval Defense Giant

Root Evidence Launches With $12.5M to Redefine Vulnerability Management

NASCAR Hit by Medusa Ransomware: 1TB of Data Stolen in April 2025 Cyberattack

Scattered Spider Strikes Again: Inside the VMware ESXi Ransomware Tactics

Koske Malware Hides in Panda Images, Weaponizes AI to Target Linux

Operation Checkmate: BlackSuit Ransomware’s Dark Web Sites Seized

Coyote Malware Exploits Microsoft UI Automation in First-Ever Wild Attack

No Fix Coming: Remote Code Execution Flaw in 1,300 LG Security Cameras

ToolShell Exploited: China-Linked Hackers Breach NNSA and U.S. Government Networks

Massive NPM Breach: Malicious Packages Spread via Compromised Maintainer Accounts

Clorox Sues Cognizant Over $356M Cyberattack: Who's Really to Blame?

HeroDevs Secures $125M to Extend Life of Critical Open Source Software

UK Moves to Ban Ransomware Payments for Public Sector and Critical Infrastructure

New SysAid Vulnerabilities Added to CISA’s KEV List: XXE Flaws Could Enable RCE

Lumma Stealer Returns: Malware-as-a-Service Resurges After Global Takedown

Cisco ISE Critical Flaws Now Actively Exploited: No Workarounds, Just Root Access

ToolShell: SharePoint Zero-Day Chain Gives Hackers Full Remote Access

CVE-2025-54309: CrushFTP Zero-Day Exploited in Global Admin Access Attacks

Dell Breach by World Leaks: Extortion Attempt Hits Demo Platform

Critical VPN Vulnerability: ExpressVPN Exposed IPs via RDP Misrouting

Dior Data Breach Exposes U.S. Customer Info in LVMH Vendor Attack

StrongestLayer Raises $5.2M to Fight AI-Powered Phishing with TRACE

750,000 Records Exposed: Inside the TADTS Data Breach by BianLian

SS7 Is Still Broken: How Surveillance Firms Are Bypassing Telco Defenses

The UNFI Cyberattack: How Hackers Disrupted the U.S. Food Supply Chain

Zuckerberg on Trial: The $8 Billion Data Privacy Reckoning

Operation Eastwood: Inside the Takedown of NoName057(16)