About the initiative
A ransomware attack or data breach can cripple essential services and disrupt operations across cities, counties, and school districts. The Iowa Cyber Resilience Initiative is Iowa’s coordinated effort to strengthen cybersecurity readiness across all local governments and public-sector organizations.
Led by Iowa State University’s Center for Cybersecurity Innovation and Outreach (CyIO) and funded through the State and Local Cybersecurity Grant Program (SLCGP), this multi-year initiative delivers targeted services and fosters collaboration to improve the cyber resilience of Iowa’s entire SLTT (State, Local, Tribal, and Territorial) ecosystem.
*This project is supported by the U.S. Department of Homeland Security through the Federal Emergency Management Agency’s State and Local Cybersecurity Grant Program (SLCGP), FY2022.
Statewide Impact, Local Benefits
The Iowa Cyber Resilience Initiative operates on two levels—statewide coordination and local engagement—to ensure every community in Iowa has access to cybersecurity tools, knowledge, and support.
Statewide Projects
As part of the initiative, three major statewide activities help foster collaboration, raise awareness, and build a shared foundation for cyber resilience:
- Iowa Cybersecurity Conference: Brings together state leaders, local officials, and IT/security professionals to share insights, highlight best practices, and explore emerging threats and solutions.
- Regional and Sector-Based CIME Events: Delivers cybersecurity exercises tailored to specific geographic regions or critical sectors (e.g., K-12, public safety, public health) to explore challenges common across similar organizations.
- Statewide Tabletop Exercise: Engages stakeholders across the state in a coordinated simulation to test communication, escalation, and coordination across multiple jurisdictions.
Local Services
Through the FY22 phase, the initiative provides three no-cost services to local entities across Iowa:
- Asset Inventory: It helps jurisdictions identify critical technology systems and build a foundational understanding of what they own and rely on.
- Cybersecurity Incident Management Exercises (CIME): Simulates a real-world cyberattack to help departments test how they would respond and recover under pressure.
- Cybersecurity Assessment: Provides an expert-led evaluation of your cybersecurity practices, risks, and readiness that are aligned with national standards.
ISU delivers these services in partnership with your team. They are designed to help local organizations understand their current posture and prepare for future implementation of security controls.
Benefits of statewide approach
Recovering from a cyberattack can cost millions for local or state governments. Having a unified, statewide strategy is vital to ensure every Iowa community has access to tools and resources to prepare for and respond to a cyber threat. A collaborative approach also fosters innovation and efficiencies across the state.
How to get Involved
We’re inviting Iowa cities, counties, and school districts to sign up to express interest in these FY22 services.
The sign-up form is not a commitment. It simply tells us you’re open to learning more. Once submitted, someone from the Iowa State team will reach out to walk you through the process and help determine if one or more of these projects is a good fit for your organization. You’ll complete a brief consent form to enroll officially if you proceed.
This dual approach—broad statewide coordination combined with targeted local support—ensures that communities of all sizes can participate meaningfully in building Iowa’s cybersecurity resilience.
Laying the Groundwork for the Future
The FY22 projects are just the beginning. The information gathered through inventories, exercises, and assessments will help each jurisdiction—and the state—build a roadmap for implementing specific cybersecurity controls and improvements under the FY23 and FY24 phases of the SLCGP.
Participating entities will receive guidance and support in future phases to implement prioritized security measures based on their needs and readiness.