You are here

Why Use Federal Funds for Cybersecurity Improvements?

Cyber-based attacks on municipalities are increasing in frequency and sophistication. Tightening your municipality’s cyber armor is an acceptable use of American Rescue Plan Act (ARPA) funds, and there are other federal funding opportunities on the horizon to support this work. Now is the ideal time to make relatively costly improvements to the security of your organization’s computer systems and use grant funds, not taxpayer money, to do it.

Save time, money, and your reputation. Cyber attacks are extremely disruptive and expensive. (For an example, read this WCAX News article). They often result in money being stolen, personal information being exposed, and expensive equipment becoming inoperable – as well as damaging the reputation of the municipality and the trust of voters.

Because Vermont municipalities are definitely targets.  Some have been hit already with small ransom demands and social engineering scams, including the examples noted in this VLCT News article.

Although costly, cyber improvements are crucial and absolutely worth it. Now is the time to identify your system weaknesses and make investments in your information technology (IT) infrastructure while these one-time funds are available to you.

Make investments now to address known  deficiencies. This may qualify your town for insurance coverage and allow you to have the proper protection in case you are the subject of a cyber or ransomware attack. You do not want your municipality to bear the entire cost of a cyber event because you were not covered!



Refer to VLCT's Vermont Federal Funding Guidebook.  We have culled the hundreds of new federal funding programs, eliminating those that are inappropriate for or not applicable to Vermont’s municipalities.  Those that remain, we have combined into a single document. For each one, we have reviewed the program details, read the NOFO (Notice of Funding Opportunity) and pulled out the most salient details about the funding source we know at this moment. If you get stuck or feel overwhelmed, don't get discouraged - we can help!  You can book an appointment to self-schedule a video conference with us or send us an email:  

USER TIP:  To search the Guidebook for your topic of interest, you can use the “shortcut keys” on your computer.  Open the document, hit the “Control” and “F” keys simultaneously and then type the keyword you want to search into the dialogue box that opens in the upper right-hand corner of your screen.  If you type “water” it will show you every time “water” is used in the document.


How can we get started in addressing our cybersecurity needs?

The 1st step might be to use free resources to help you know if your computer systems or physical office space are at risk for cybersecurity threats or intrusions.  VLCT has a great resource for this - Technology Assessments - Learn About Your Systems.

If you are ready to dive right in, then discuss your needs internally with the stakeholders in your municipal departments to be sure all are represented and draft a scope of work (SOW).  You can then select an IT consultant and have them (1) thoroughly assess your current system and identify all cyber security vulnerabilities and (2) develop comprehensive recommendations on how to correct those vulnerabilities. Refer to VLCT's Resources for Finding and Selecting IT Services for more information and tools to help you.

Does VLCT have a list of Technology Services vendors?

Yes.  The list can be found HERE.  VLCT has compiled a list of vendors that provide regional technical and security services for municipalities. This is not an exhaustive list. We have not vetted these organizations and do not make and endorsements for a particular provider at this time. For more information on regional tech services and security providers the State of Vermont Office of Purchasing and Contracting (contracts, templates, vendor information, and debarment lists) or visit the Vermont Technology Alliance homepage for vendor lists and services.

Does VLCT have a list of IT and cybersecurity questions already prepared that we can use?

Yes.  VLCT has compiled a list of helpful questions to ask potential information technology and cybersecurity vendors (this list is not exhaustive). This list can be downloaded HERE.

Are you a PACIF member and want access to a free cybersecurity training platform for your office?

PACIF has extended its offer of free access to the KnowBe4 cybersecurity training platform until May 10, 2023, in continuing recognition of the importance of cybersecurity and the fact that municipalities are preferred targets for phishing and email scams.  To learn more click HERE.  

Need one-on-one help? 

Grab 15 minutes with us for an appointment!  Our "Consults on Call" office hours are Wednesdays, 1:00-2:00 pm and 7:00-8:00 pm.  Simply click the blue "Book An Appointment" button, select the date and time that works best for you and complete the details.  If you think you need more than 15 minutes, please email to schedule a longer time slot.