State leaders renew call for cyber grant program’s renewal

Screenshot via House Homeland Security Committee on YouTube

Featured eBooks
Artificial Intelligence and Efficiency
Changing Workforce
Future of Tech Infrastructure
Insights & Reports
Future-Proofing Your Finance Cycle Management
Presented By ClearGov
Download Now
Beyond black box AI: A better approach to legal data intelligence
Presented By Relativity
Download Now
Chris Teale By Chris Teale,
Managing Editor, Route Fifty

By Chris Teale

|

The State and Local Cybersecurity Grant Program is facing down a September deadline for reauthorization. Without it, officials warned that current efforts would lose momentum.

State leaders once again reiterated their calls for Congress to reauthorize and fund a popular cybersecurity grant program at a House hearing last week.

Officials said the State and Local Cybersecurity Grant Program, which has been reauthorized by the House but awaits action in the U.S. Senate before it expires in September, has been helpful for governments looking to build their cyber resilience against growing threats and must be allowed to continue.

“The scale, speed, and complexity of today’s threat environment require sustained funding, operational flexibility, and the ability to respond at the pace of emerging threats,” Tennessee Chief Information Officer Kristin Darby said in written testimony before the House Homeland Security Committee’s Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation last week. “The State and Local Cybersecurity Grant Program is one of the most effective tools available to strengthen our collective defense.”

Related articles

New Senate bill would reauthorize cyber grant program

House votes to reup cyber grant program

Government funding deal reups cyber grant program

New bill would reauthorize state and local cyber grant program

The $1 billion cyber grant program was initially funded through a 2021 infrastructure law and received a temporary extension of its authority through September as part of a government funding deal last year. The House voted in November to approve the Protecting Information by Local Leaders for Agency Resilience — or PILLAR — Act, which would reauthorize the grant program for another 10 years. A companion bill is pending in the Senate, albeit with only a one-year extension.

Witnesses at this latest House hearing said the cyber grant program has been crucial in helping them strengthen their cybersecurity postures, although much more work lies ahead. Darby said the $21 million in grant funding that Tennessee has received has secured almost 90,000 endpoints across local governments and provided cybersecurity training to more than 21,000 local government employees.

That grant funding, the majority of which has been passed to local governments, has also supported programs like managed endpoint detection and response; cybersecurity awareness training; critical infrastructure improvements like firewalls and disaster recovery systems; and managed services for jurisdictions without IT staff, Darby said.

What happens next remains an open question, however, especially if more money is not appropriated to the program. Outside groups have previously called for a stable funding stream of $4.5 billion over two years. Darby said that, without continued funding, local governments would lose access to various programs and services that require subscription funding, they and would be unable to sustain various managed services or make further investments. She also warned of job cuts if the grant program dries up.

“Most importantly, we risk losing the momentum, relationships, and trust that have been built through our whole-of-state approach,” Darby said. “Cyber adversaries are not slowing down. If funding and support diminish, the gap between attackers and defenders will widen.”

Speakers had various suggestions for how the program could be improved. Darby and Colin Ahern, New York’s director of security and intelligence, urged the subcommittee to fund the program consistently over multiple years to allow states to carry out longer-term procurements and initiatives, while Ahern said eliminating cost-share match requirements could help reduce the burden of cost sharing on smaller jurisdictions.

Ahern also said that the program should be amended to allow states and localities to buy memberships and services from the Multi-State Information Sharing and Analysis Center, which recently moved to a membership model after seeing its federal funding cut. All speakers agreed that the federal government must be a strong partner in any cybersecurity efforts alongside states and localities.

“The federal government is an essential partner in this work,” said Florida CIO Warren Sponholtz in written testimony. “Federal intelligence collection and sharing brings national visibility that no individual state can replicate. Federal advisories, threat feeds, automated indicator sharing, vulnerability guidance, and incident coordination help states understand what is happening across the country and what may be heading toward our jurisdictions.”

There appears to be broad bipartisan support for helping state and local governments in their cybersecurity posture and a recognition that, while it may need tweaks, the cyber grant program has been a positive step forward.

“The premise was simple [behind the grant program],” Rep. Andy Ogles, a Tennessee Republican who chairs the subcommittee, said in his opening statement. “A small town faces the same threats as a large city, and a rural county is not exempt from Chinese or Russian cyber actors just because it has a limited IT budget. That program helped communities that could not otherwise help themselves. Unless Congress acts, that program expires this September. We should not let that happen, and we certainly should not let it happen at a moment when the threat is growing ever worse.”

NEXT STORY: Aligning state and local AI security investments with the Cyber Strategy for America

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.