Governors, mayors, CIOs sign letter supporting state and local cyber grant reauthorization
A collection of groups representing state and local governments, including the National Governors Association and the National League of Cities, on Wednesday signed a letter asking congressional leaders to reauthorize the State and Local Cybersecurity Grant Program.
The support comes after the House Homeland Security Committee this month voted to extend the program for a decade, though without yet committing to a funding amount. The groups wrote in their letter that the program, which is nearing the end of its four-year run, “has provided states and local governments with the resources they need to bolster their cybersecurity defenses and assisted in modernizing technology systems across the country.”
“As Congress continues working to reauthorize this grant program, we urge you to strongly support its successful continuation by ensuring that any reauthorization is accompanied by a robust appropriation that will allow the program to meet the goals outlined by its authors,” read the letter addressed to Chuck Schumer and John Thune, the Senate’s respective minority and majority leaders, and Mike Johnson, speaker of the House, and Hakeem Jeffries, the House’s minority leader.
“As always, we stand ready to work with you to make our nation’s networks secure, protect critical infrastructure and provide digital services to our citizens,” their letter concludes. “We appreciate your support of efforts at the state and local level to make this very important goal a reality.”
Other groups that affixed their names to the letter include the National Association of State Chief Information Officers, National Conference of State Legislatures, National Emergency Management Association, National Association of Counties, United States Conference of Mayors, The Council of State Governments and the International City/County Management Association.
The grant program, which in its initial run provided $1 billion spread over four years, with growing levels of matching required by state and local governments each year, is now being reconsidered in detail. Through the Protecting Information by Local Leaders for Agency Resilience, or PILLAR, Act, the grants would be renewed for 10 years, requiring a constant 60% funds match from states across the life of the program. States that band together to apply for funding would be required to put up a higher 70% match, but could share the costs.
Policy analysts and former technology officials told StateScoop that they don’t know how much funding would be needed to equip the nation’s local governments with adequate cybersecurity, but no one said they thought that $1 billion was enough for the initial four-year program.
Despite some minor complaints with the SLCGP, like the difficulty of smaller jurisdictions to find budgets for the funding match requirement, it is generally well-liked across party lines. Erik Avakian, Pennsylvania’s former chief information security officer, told StateScoop that the program helped his state to triple the number of licenses it offered for security awareness training.
Whatever level of financial support the grant program achieves, should the PILLAR Act pass, some services would not be available for purchase with the funds, such as those offered by the Multi-State Information Sharing and Analysis Center, which the Department of Homeland Security excluded from the program in its final year. The MS-ISAC has for more than 20 years shared critical cybersecurity intelligence across state lines and provided software and other resources at free or heavily discounted rates.
Industry favors the SLCGP, too. Five industry groups, led by the Alliance for Digital Innovation, this month signed off on a similar letter advocating for the program’s reauthorization. Their funding suggestion was $2.25 billion annually.
“Importantly, while much of our Nation’s critical infrastructure is owned and operated by state and local governments, its cyber defense is not just a local issue,” the industry letter read. “It is a vital component of national security because the Department of Defense relies on this civilian-operated infrastructure for military readiness and power projection, making state, local, tribal, and territorial cybersecurity a foundational element of our national defense posture.”
