Government funding deal reups cyber grant program

d3sign via Getty Images

Featured eBooks
Future-Ready Workforce
Read Now

Health Tech

Read Now

AI Applications

Read Now
Insights & Reports
The Federal Threat: 98% of npm & PyPI Malware Neutralized With a Source-First Approach
Presented By Chainguard
Download Now
AI for Government Legal Teams: What’s Possible
Presented By Filevine
Download Now
Chris Teale By Chris Teale,
Managing Editor, Route Fifty

By Chris Teale

|

Lawmakers reauthorized the State and Local Cybersecurity Grant Program as part of the deal to reopen the federal government, but funding remains an open question.

The end of the longest federal government shutdown in history late Wednesday night also reauthorized a popular federal cybersecurity grant program for state and local governments.

Congress included a reauthorization of the State and Local Cybersecurity Grant Program in its spending deal, after the program expired in September. The $1 billion program was originally funded by the 2021 infrastructure law and has proven very popular with state and local governments. Legislation to extend the program for another 10 years has advanced in the House and is awaiting a floor vote.

State tech leaders praised the reauthorization’s inclusion in Congress’ continuing resolution, which also ended the 43-day shutdown and funded the Supplemental Nutritional Assistance Program through Sept. 2026. In a statement before the bill’s final passage, the National Association of State Chief Information Officers said it was “encouraged” to see the grant program included in negotiations.

Related articles

New bill would reauthorize state and local cyber grant program

States used cyber grants for ‘hundreds’ of key projects, report finds

Cyber grant funding lapses soon and state leaders want it renewed

How two states have spent their share of the $1B in cybersecurity grants

“SLCGP has been instrumental in helping state and local governments strengthen their cybersecurity defenses and the inclusion of both demonstrates that Congress is indeed taking this issue seriously,” NASCIO continued.

While largely recognized as a starting point ahead of further investment, states and localities have made use of the grant program in their efforts to bolster cybersecurity.

The Government Accountability Office found in a report earlier this year that the program helped fund 839 state and local cybersecurity projects as of Aug. 1, 2024, by which time the Department of Homeland Security had provided $172 million in grants to states out of a total $1 billion in funding. Those projects included developing cybersecurity policy, hiring cybersecurity contractors, upgrading equipment and implementing multi-factor authentication.

State leaders had been sounding the alarm for some time about the program’s expiration and called on Congress to invest further. In testimony before the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection, Utah CIO Alan Fuller said that while the program is “not a ‘silver bullet’ that can entirely solve our nation’s cybersecurity challenges,” it helps “stakeholders develop a solid foundation on which to continue to strengthen their defenses and modernize both their technology and processes.”

Lawmakers introduced the Protecting Information by Local Leaders for Agency Resilience Act, known as the PILLAR Act, to reauthorize the program for 10 years, and stabilize cost-sharing agreements so that the federal government would provide 60% of a grant to a single entity that applies and 70% for a multi-entity group, with states providing the rest.

Still up for discussion is how much funding the grant program should now receive. In early September, a joint letter from the Alliance for Digital Innovation, Better Identity Coalition, Cybersecurity Coalition, ITI and TechNet suggested establishing a stable funding stream of $4.5 billion over two years, noting that the “cost of inaction” would be even higher if Congress does not invest now in a national strategy.

“While non-federal governments must take on their requisite cybersecurity responsibilities, they cannot meet this challenge alone,” the’ letter said at the time. “The scale and urgency of this national security challenge require a coordinated national response, backed by sustained federal investment. Allowing the program to lapse would weaken domestic cyber resilience and give adversaries an opportunity to exploit known vulnerabilities at a time of rising geopolitical tension.”

NASCIO warned that this reauthorization is not enough, and called on lawmakers to act to make this program and a key cybersecurity data-sharing law that also was reupped more permanent.

“However, this extension of both laws is only a temporary solution to a significant and pressing problem,” the group said in its statement. “Congress should act swiftly to provide certainty and stability for state governments by passing a long-term extension of both programs, combined with adequate levels of funding, that will allow stakeholders to strengthen their cyber defenses and meet the challenges of the future.”

NEXT STORY: CMMC enforcement begins after eight years of warnings