The PILLAR Act just passed, reauthorizing millions in DHS cybersecurity grants for Tribal governments. Here’s what you need to know—and why preparation matters more than timing.
The challenge facing Tribal leaders when it comes to federal cybersecurity grants isn’t just about meeting deadlines. It’s about having the right documentation, governance structures, and strategic plans in place before those tight application windows open.
In 2023, the Department of Homeland Security made $374.9 million available to help tribal communities protect against cyber-attacks. But here’s the reality: many Tribes weren’t able to respond effectively because the application period was brief and the requirements were extensive. Those who had prepared in advance were able to act quickly. Those who hadn’t simply ran out of time.
Now, with the recent passage of the PILLAR Act, that opportunity is coming around again—and the window will likely be just as narrow.
What the PILLAR Act Means for Tribal Nations
The PILLAR Act (Protecting Information by Local Leaders for Agency Resilience Act) reauthorizes the DHS State and Local Cybersecurity Grant Program for seven years. This program provides critical funding to state, local, tribal, and territorial governments to strengthen their cybersecurity defenses.
Here’s what Tribal governments can access:
Federal Cost Share
60% for single-entity applications, 70% for multi-entity collaborative applications
Bonus Funding
An additional 5% federal cost share by FY 2028 for Tribes that implement multi-factor authentication (MFA)
Broad Coverage
Funding applies to information systems, operational technology (OT), and even AI-based security solutions
Long-Term Planning
With seven years of reauthorization, Tribes can build sustainable cybersecurity strategies rather than one-off fixes
The legislation specifically calls for outreach to small communities and emphasizes that funding recipients should plan for long-term cybersecurity costs within their own budget processes. In other words, this isn’t just about buying technology—it’s about building lasting resilience.
Why Past Application Windows Were So Challenging
Based on recent grant cycles, Tribal Nations have faced application windows as short as two weeks. That’s not much time when you’re also managing:
Establishing or updating a Cybersecurity Planning Committee
Developing a Cybersecurity Plan that meets CISA (Cybersecurity and Infrastructure Security Agency) standards
Creating detailed project plans with investment justifications
Registering on Grants.gov and confirming eligibility
Coordinating with potential partners for multi-entity applications
If these elements aren’t already in place, two weeks isn’t enough time to do them well—or sometimes, to do them at all.
What Successful Grant Applications Require
To qualify for DHS cybersecurity grant funding, Tribal governments typically need to demonstrate:
Governance Structure
A Tribal Council or governing body that includes a Grants Administrator and CIO/CISO (or equivalent with IT expertise)
Cybersecurity Planning Committee
A designated group responsible for cybersecurity strategy and oversight
CISA-Compliant Cybersecurity Plan and Charter
Documentation that meets federal standards for best practices
Detailed Project Plans
Investment justifications that explain how funds will be used, when, in what order, and by whom
Key Insight: The Tribes that secured funding in previous cycles were the ones who had this foundation already built.
REDW Is Helping Tribal Nations Prepare
At REDW, we work with Tribal governments year-round to build the documentation, governance, and strategic plans that make grant applications successful. Our approach is flexible because we understand that every Tribe has different levels of internal capacity and resources.
We help Tribes establish the foundational elements required for successful grant applications:
Governance Structure Development
We help establish or strengthen your Tribal Council oversight, designate a Grants Administrator, and identify or develop your CIO/CISO function with appropriate IT expertise.
Cybersecurity Planning Committee Setup
We guide the formation of a properly structured committee with the right representation, clear responsibilities, and effective governance processes.
CISA-Compliant Cybersecurity Plan & Charter
We build comprehensive plans and charter documents that meet federal standards and demonstrate your Tribe’s commitment to cybersecurity best practices.
Strategic Project Planning & Budget Alignment
We align your cybersecurity risks to a detailed funding roadmap, creating investment justifications that explain how funds will be used, when, in what order, and by whom.
Full-Service Application Support
We draft, compile, and submit the application on your behalf—handling narratives, budgets, compliance documentation, and project justifications. This minimizes the workload for your team and ensures nothing is overlooked.
Advisory Coaching
We guide your internal staff through the process, providing templates, review checklists, best practices, and structured walkthroughs. This builds your team’s capacity while ensuring you meet all DHS and FEMA requirements.
Either way, we’re focused on positioning your Tribe for success—not just in securing this grant, but in strengthening your long-term cybersecurity posture.
The Case for Preparing Now
While the exact application deadline hasn’t been announced yet, history tells us it will likely be short. Tribes that begin preparation now will be able to:
01
Act quickly when the window opens
02
Submit stronger applications that are more thorough and complete
03
Demonstrate readiness and strategic thinking to reviewers
04
Avoid the scramble that leads to missed opportunities
The PILLAR Act’s passage is a clear signal that this funding is coming. The question is whether your Tribe will be ready to seize it.
Getting Started
If you’re ready to position your Tribal Nation for cybersecurity grant success, we’d be glad to discuss your current state and what preparation looks like for your specific situation.
John W. Graham is offering complimentary 60-minute cybersecurity strategy consultations (a $1,500 value) to Tribal leaders who want to understand their options and build a roadmap for grant readiness.
Whether you need full-service support or prefer a coaching approach that empowers your internal team, we’ll help you determine the best path forward.
REDW’s trusted advisors have served Sovereign Tribal Nations for over 40 years. We understand and respect tribal sovereignty and culture and have become deeply invested in the financial well-being of tribal communities. Our expert cybersecurity team understands both the technical requirements of federal grant programs and the unique governance structures of Tribal governments. We’ve helped organizations navigate complex compliance requirements, build sustainable security strategies, and secure the funding needed to protect their communities.
