State & Local Cybersecurity Grant Program (SLCGP)

About the Program

The State and Local Cybersecurity Grant Program (SLCGP) provides funding to eligible entities to address cybersecurity risks and threats to information systems owned or operated by, or on behalf of, state, local, or tribal governments. The program is designed to allocate resources where it is needed most: at the local level.

The Maine Emergency Management Agency (MEMA) and the Office of Information Technology (OIT) collaboratively manage the program under the guidance of Maine’s SLCGP Planning Committee. As the State Administrative Agency (SAA), MEMA is responsible for applying for this grant on the state’s behalf.

History of Maine's Participation in the SLCGP

As required by the Fiscal Year 2022 grant, Maine established a Cybersecurity Planning Committee that coordinated, developed, and approved a strategic Cybersecurity Plan. This plan will guide the development of cybersecurity capabilities across Maine in the coming years. Most importantly, this plan will enable Maine to receive subsequent allocations of federal funding to implement its goals and individual projects in communities across the state.

Stakeholder input is an integral component of the SLCGP and is included in Maine’s approach. To collect local government input and inform Maine’s SLCGP approach and programmatic offerings, a survey was distributed to municipalities, counties, and school districts in 2023. The SLCGP Planning Committee is committed to providing opportunities to stakeholders to inform decision-making and resource allocation.

About the Plan

The State of Maine Cybersecurity Plan has been approved by FEMA and CISA and represents Maine’s continued commitment to strengthening cybersecurity. This Plan fulfills Maine’s requirements under the SLCGP, enabling Maine’s participation in this first-of-its-kind national program. This Plan describes the State of Maine’s approach to providing local governments with the opportunity to participate in shared cybersecurity services and resources. The priorities and objectives contained in this Plan focus on improving the cybersecurity posture of local government organizations by assisting in managing and reducing systemic cyber risk.

Vision: A cyber-resilient Maine that realizes the opportunities afforded by technological innovation and balances the cybersecurity protections necessary to safeguard its data and critical infrastructure.

This vision is guided by the following principles:

Build and leverage partnerships

Focus on building relationships with partners across Maine and maintaining open lines of communication with critical infrastructure sector leads to ensure a coordinated approach to implementing SLCGP initiatives.

Reduce barriers

Strive to understand what barriers organizations face in implementing cybersecurity best practices and identify collective approaches to overcome them.

Increase resiliency

Build capability and capacity at the organizational level to ensure the impact of these cybersecurity initiatives is enduring and sustainable.

SLCGP Planning Committee Members

The SLCGP Planning Committee serves as a representative voice for local input and includes representation from state, county, and local government, public education, public health, public safety, emergency communications, election infrastructure, the judicial system, public critical infrastructure, and the Maine National Guard.

For More Information

For more information on the SLCGP or general questions, please contact slcybersecurity.grant@maine.gov

Additional Cybersecurity Resources

Federal

Cybersecurity and Infrastructure Security Agency (CISA)

CISA is a component of the United States Department of Homeland Security (DHS) responsible for cybersecurity and infrastructure protection across all levels of government, coordinating cybersecurity programs with U.S. states, and improving the government's cybersecurity protections against private and nation-state hackers.

State

MEMA Cyber Security Resource Page

At the State level, MEMA coordinates the mitigation (risk reduction) preparedness, response, and recovery from emergencies and disasters such as floods, hurricanes, earthquakes, or hazardous materials spills. MEMA also provides guidance, and assistance to county and local governments, businesses, and nonprofit organizations in their efforts to provide protection to citizens and property and increase resiliency in the face of disaster. The Agency uses strategies such as planning, training, exercise, and public education to carry out its mission.

Other

Center for Internet Security (CIS)

CIS is a US 501 nonprofit organization to "help people, businesses, and governments protect themselves against pervasive cyber threats."

Multi-State Information Sharing and Analysis Center (MS-ISAC)

As a trusted cybersecurity partner for 13,000+ U.S. State, Local, Tribal, and Territorial (SLTT) government organizations, MS-ISAC cultivates a collaborative environment for information sharing in support of its mission. It offers members incident response and remediation support through a team of security experts and develops tactical, strategic, and operational intelligence, and advisories that offer actionable information for improving cyber maturity.

Elections Infrastructure Information Sharing & Analysis Center (EI-ISAC)

The EI-ISAC works closely with election officials and security and technology personnel to provide the highest standards of election security, including incident response and remediation through our team of cyber experts. Its 24x7x365 Security Operations Center (SOC) monitors, analyzes, and responds to cyber incidents targeting election offices and government entities. It also develops and shares best practices for securing election infrastructure, incorporating security into election technology procurements, and helping manage election supply chain risks.

Maine.gov