The Municipal Cybersecurity Awareness Grant Program is a program that will help local government to improve overall cybersecurity posture through end-user training, evaluation and threat simulation. The program, including procurement and coordination, will be managed by the Executive Office of Technology Services and Security. (EOTSS)

 

How to apply for the Cybersecurity Åwareness Training Grant Program

https://www.mass.gov/how-to/apply-for-the-municipal-cybersecurity-awareness-grant-program

 

Eligibility

The Municipal Cybersecurity Awareness Training Grant Program is open to municipalities and public school districts. Awards can be made available for employees in all municipal functions that have a government-issued email address, including municipal administration, school and public safety officials. Communities that do not have government-issued email addresses and are interested in obtaining a .gov domain, please contact us ASAP.

Participating communities must demonstrate leadership buy-in, and commit to making staff available to successfully complete the program and be willing to collaborate. The time commitment for administering this program is approximately two hours per week.

 

More Info

The 2022 Municipal Cybersecurity Awareness Grant Program is a program to support local government efforts to improve overall cybersecurity posture through comprehensive online end-user training, evaluation, and threat simulation. It is anticipated that this program will provide training for at least 60,000 municipal/school staff with awards being announced in mid-December 2021 and end-user training beginning in January 2022.

By participating in the 2022 Municipal Cybersecurity Awareness Grant Program, a community agrees to implement policies and/or programs to improve their overall security posture by addressing training and assessment needs for all full-time employees that could introduce potential risk to municipal government.

Awarded communities will receive licenses for end user training, assessment, and phishing simulation, procured and managed by the Commonwealth of Massachusetts’ Executive Office of Technology Services and Security. You can choose from the following tracks, choosing whichever track will serve your organization best:

• Year-Long Training – this track runs from January through December 2022. You will receive the following via email or URL link:
  • Initial Cyber Assessment to ascertain a baseline of knowledge
  • Assignments 1-4 – Each assignment takes approximately 1 hour and assignments will be released every other month
  • Final Cyber Assessment to ascertain knowledge gained from the training
  • Phishing Campaigns – 8 phishing campaigns will be sent to test the user on recognizing phishing attempts
• Set-Your-Timeline Training – This track delivers ALL of the content at once so you can SET THE TIMELINE for your users. This allows you to set a schedule for users to complete training on your timeline. You will receive the following via email or URL link:
  • Initial Cyber Assessment to ascertain a baseline of knowledge
  • Assignments 1-4 – Each assignment takes approximately 1 hour
  • Final Cyber Assessment to ascertain knowledge gained from the training
  • Phishing Campaigns – You will receive the phish campaigns that are ongoing during your timeline which will test the users on recognizing phishing attempts
• Abbreviated Training – This track is a shortened version of the Year-long Training. This training will take place January through May.  This track might be best for schools.  You will receive the following via email or URL link:
  • Initial Cyber Assessment to ascertain a baseline of knowledge
  • Assignments 1&2 – Each assignment takes approximately 1 hour
  • Final Cyber Assessment to ascertain knowledge gained from the training
  • Phishing Campaigns – You will receive phish campaigns 1 through 4 which will test the users on recognizing phishing attempts

Communities participating in the 2022 Municipal Cybersecurity Awareness Grant Program will commit to implement a security awareness training solution to ensure that municipal/school staff are aware of end-user cyber threats that may exist and understand related gaps in their cybersecurity posture that should be addressed.

Buy-in from the Chief Executive in the community must be demonstrated and participating communities must identify an individual who will coordinate local staff, work with the Commonwealth and coordinate interaction with a local IT resource (if and when needed), for the duration of the program. While it may be beneficial, the local coordination role does not require technical expertise.

The community must commit to ongoing efforts to educate employees throughout the life of the program, including ongoing simulation activities, and targeted remediation based on the outcomes of simulation activities. It also must be willing to share statistics from the program with the Office of Municipal and School Technology, which will support efforts to better understand the cybersecurity posture of local government across the Commonwealth.

Review Process

The application period will close when all available seats are taken or December 17th, whichever occurs first. The staff at the Executive Office of Technology Services and Security will review applications based on factors such as: 

• A commitment to prioritizing cybersecurity awareness
• Commitment to improving the community's cybersecurity posture
• A willingness to collaborate and help gain a better understanding of cybersecurity posture in communities across the Commonwealth
• Willingness to identify an individual who will oversee and monitor program participation

 

Contact

Nikolas Gonzales, Data Analyst