Earlier this year, the president signed Consolidated Appropriations Act of 2018 into law, the law includes $380 million in grants for states to improve their cybersecurity. To-date 32 states, America Samoa and the U.S. Virgin Islands have applied for their HAVA funds. Although states are allowed to draw down on their available funds in phases, most states seem to be applying for—and receiving—all their funds at one time. Once states have applied for their funds they have 90-days to provide a narrative on what they will be spending the money on. Part of the requirement for receiving the federal funds is a 5 percent match from states. How elections officials are getting those matches varies. Some states are relying on their Legislatures to allocate the funding and others are using existing funds allocated in state budgets.
The Election Infrastructure Subsector (EIS) Government Coordinating Council has provided a white paper of sorts on what states and counties should consider when planning their spending. The document is “intended to raise awareness of resources and helpful practices that can assist election officials to do more with the resources afforded to them. The document covers cyber navigators, common vulnerabilities and improving jurisdictions overall cybersecurity posture. The paper also includes a section on vendor selections.
In addition to the GCC considerations, a group of security experts/former elections officials/academics (and Democracy Fund Senior Advisor Tammy Patrick), sent a letter to all 50 states, the District of Columbia and the territories urging them to follow a list of best practices when considering how to spend their funds.
The National Conference of State Legislatures also has a some suggestions for how states should spend their money.
Full Article: electionlineWeekly.