Congress is right, too. In 2021, it established the State and Local Cybersecurity Grant Program (SLCGP) to “award grants to eligible entities to address cybersecurity risks and cybersecurity threats to information systems owned or operated by, or on behalf of, state, local or tribal governments.”
The SLCGP authorizes $1 billion over four years to help state, local, tribal and territorial governments reduce systemic cyber risks and requires a pass-through of at least 80 percent of those funds to local governments, while reserving 25 percent of those funds for rural jurisdictions. A key component of the SLCGP ties any disbursement of funds to the Cybersecurity Infrastructure and Security Agency’s (CISA) approval of a state’s cybersecurity plan. That proposal must meet the requirements set forth in the SLCGP, such as implementation of the National Institute of Standards and Technology (NIST) cybersecurity framework.
This September, the Homeland Security Committee — with bipartisan support — introduced the Protecting Information by Local Leaders for Agency Resilience Act(PILLAR Act, H.R. 5078), which seeks to not only extend SLCGP for 10 years, but also provide long‑term stability and funding, strengthen milestone‑based accountability, expand its scope to AI and operational technology, and clarify cost‑sharing between federal and state governments.
