U.S House Subcommittee Considers Reauthorization of the State and Local Cybersecurity Grant Program

Key Takeaways

On April 1, the U.S. House Subcommittee on Cybersecurity and Infrastructure Protection held a hearing on the State and Local Cybersecurity Grant Program (SLCGP) to assess the program’s efficacy, and to discuss its reauthorization and continued funding. The SLCGP provides critical funding to state and local governments to enhance cybersecurity readiness and protection but is set to expire on September 30, 2025. Unless reauthorized by Congress, the Program will not continue to receive federal funding. 

What is the SLCGP? 

The SLCGP passed as a part of the Bipartisan Infrastructure Law in 2021, allocating $1 billion over four years to support state and local cybersecurity efforts. The SLCGP requires state recipients to pass through 80 percent of funding to local governments, in the form of direct funding or in-kind services. Local governments have received benefits that increased minimum benchmarks for local government cybersecurity readiness, while contributing to state efforts to enhance existing cybersecurity plans. 

For small and rural counties, the SLCGP has proved to be an organizing force in increasing the capacity and awareness of key cybersecurity tools, while larger counties have been able to contribute to state-wide cybersecurity planning priorities. Counties advocate that the SLCGP can continue to improve its efficacy by offering more flexibility to larger municipalities who may seek to apply funding to advanced cybersecurity initiatives, while continuing to provide in-kind services and state-wide support for smaller entities that would benefit from shared services. 

What is the status of the SLCGP?

The SLCGP is set to expire on September 30, 2025, after funding appropriated by the Bipartisan Infrastructure Law expires. As the SLCGP enters its final year of funding, counties urge Congress to provide full funding in their upcoming Fiscal Year 2025 appropriations negotiations to ensure that this program continues to support counties in bolstering their cybersecurity infrastructure. To read more about the Congressional budget reconciliation process, read NACo’s blog here.

The House Cybersecurity and Infrastructure Protection Subcommittee oversees the Cybersecurity Infrastructure Security Agency (CISA) and is responsible for strengthening critical infrastructure security and resilience. During the April 1 hearing, the Subcommittee heard from state and local cybersecurity experts on the importance of the SLCGP in protecting local cybersecurity, who cited examples from their localities on the threats averted and infrastructure provided by the SLCGP. 

Counties urge Congress to not only reauthorize the SLCGP but also urge consistency in funding and flexibility for use of funds at different levels of local government. Permitting discretion over how funds are spent within local government allows counties to adapt properly respond to an ever-changing cyber landscape. 

NACo will continue to track developments to the SLCGP and keep members updated as the budget reconciliation process continues.