State cybersecurity grant uptake low; agency launches webinars and enrollment push for MS-ISAC benefits

State cybersecurity officials told the House Energy and Digital Infrastructure Committee on April 28 that uptake of the federally funded state/local cybersecurity grant program has been limited but that steps are underway to increase participation.

"Not good, but that's changing," Sean Naylor said when asked about program signups, summarizing that early offers (website/email migration to .gov domains, CompTIA Security+ training, and multifactor-authentication projects) failed to attract many applicants but that staff are conducting targeted outreach and will start a webinar series in May to walk municipal leaders and select-board members through eligibility and project mapping.

Naylor described a practical approach: the council and grant program developed "12 cybersecurity pillars" ranked by levels; achieving level 2 across those pillars would put an organization on "solid footing." The program maps grant projects to those pillars so applicants can choose concrete projects (for example, multifactor authentication or an acceptable-use policy) tied to established standards such as NIST and CIS.

The state purchased full membership in the Multi‑State Information Sharing and Analysis Center (MS‑ISAC) to extend threat‑warning and vulnerability feeds to local governments, Naylor said; an agency speaker reported about two weeks ago that only roughly 32 organizations had signed up to use that membership so far. Officials said they—re promoting MS‑ISAC enrollment because it is offered at no cost through the state and can give local entities daily vulnerability updates and resources.

Committee members pressed whether legislative action could increase enrollment; Naylor proposed more active outreach and a live annual report briefing to familiarize legislators with the program and to coordinate further expansion of council membership as uptake improves. The committee did not vote on grant policy at the hearing.