DHS announces new funding for the State and Local Cybersecurity Grant Program

Key Takeaways

On September 23, the Department of Homeland Security announced a new funding round for the State and Local Cybersecurity Grant Program (SLCGP). The SLGCP provides $1 billion over four years to state, local, and tribal governments to implement cybersecurity plans and build resilience against emerging threats as a part of the Bipartisan Infrastructure Law (BIL).  

This year’s allocation is $279.9 million, notably less than the fiscal year 23 (FY23) allocation of $375 million. Applications for funds must be submitted by December 2, 2024. Eligible entities for this program are state governments, and the program structure design allows for local governments to receive 80 percent of the funding via either pass-through funding or in-kind services. Counties should be advised that eligible entities may request counties to contribute to the non-federal cost-share element of a state’s application, which for this grant year is 3 percent for a single-entity applicant or 20 percent for a multi-entity applicant.  

Slight changes have come to the SLCGP for FY2024, including broadening the criteria for applications. In FY22 and FY23, state and local governments were limited to specific objectives of the program, where now applications can focus on any of these four objectives:  

1. Develop and establish appropriate governance structures, including developing, implementing, or revising cybersecurity plans, to improve capabilities to respond to cybersecurity incidents and ensure continuity of operations 
2. Understand their current cybersecurity posture and areas for improvement based on continuous testing, evaluation, and structured assessments 
3. Implement security protections commensurate with risk 
4. Ensure organization personnel are appropriately trained in cybersecurity, commensurate with responsibility 

The SLCGP requires that 25 percent of state allocations must benefit rural areas. Local and state governments have 48 months to complete projects and expend allocated funds. The BIL provided funding for four years, with FY 25 being the last year of the program.  

NACo encourages counties to coordinate with statewide cyber planning committees to prepare a proposal for the program. NACo will continue to monitor the program and update counties with any developments.