House passes bill to reauthorize state and local cyber grant program

The House of Representatives passed a bill by voice vote Monday evening that would reauthorize the State and Local Cybersecurity Grant Program until 2033.

Enjoying bipartisan support, the Protecting Information by Local Leaders for Agency Resilience, or PILLAR, Act is now open to be considered by the Senate. The legislation remains without a funding amount, but that the bill has so far been viewed by Congress as uncontroversial could mean a revival of one of the few remaining federal mechanisms for bolstering the cybersecurity of poorly resourced local governments.

Rep. Andrew Garbarino, a Republican from New York, on Tuesday noted that the persistent cyberattacks against school districts, police departments and far-flung municipal offices “may not always make national headlines, but they have real consequences.” In support of the bill, he added that “when our communities are more secure, our entire nation is more secure.”

The bill’s passage in the House was also widely supported by public associations and private industry. Ryan Gillis, an executive with the cybersecurity firm Zscaler, wrote in an emailed statement that the bill’s advancement was an “essential first step toward securing the federal portion of the investment needed to defend the systems that power our communities and support our military readiness.”

At least a dozen other organizations voiced support online, including the National Council of State Legislatures and the Interstate Natural Gas Association of America, which noted the bill’s support of “our collective national and economic security.” Among the bill’s revisions to the legislation that created the initial four-year program is an explicit coverage not only of the IT systems ungirding services that state and local governments provide to the public, but the operational technology that supports the nation’s critical infrastructure. As is the current fashion, the bill also adds explicit coverage of IT systems powered by artificial intelligence.

“We acknowledge that cyber risk extends from everything from industrial control systems at water treatment plants to connected devices in public safety networks to AI-enabled tools used by local agencies,” Rep. Andrew Ogle, a Republican from Tennessee who introduced the bill said during Monday’s hearing.

Pablo Jose Hernandez Rivera, the resident commissioner of Puerto Rico, pointed out during Monday’s hearing the cyber grant program’s positive reviews from state and local governments. He pointed to a recent assessment conducted by the National League of Cities and the National Association of State Chief Information Officers showing that — “from Connecticut to Kentucky to Utah” — “the program has worked.” In a statement supporting the legislation last week, NASCIO’s executive director, Doug Robinson, noted that “continued and predictable funding for SLCGP is critical to sustaining a ‘whole-of-state’ approach to cybersecurity.”

Rivera also pointed out that despite the initial four-year program’s success, many municipalities, especially those in rural areas, remain “unacceptably vulnerable,” particularly given cuts that President Donald Trump’s administration has made to other programs, such as the Multi-State Information Sharing and Analysis Center operated by the nonprofit Center for Internet Security.

“The PILLAR Act reauthorizes and strengthens this program so that it reflects the threat environment we face today,” Ogles said Monday, adding that it would continue to encourage best practices like multi-factor authentication, stronger identity and access management, continuous vulnerability monitoring and assessments, and adherence to federal cybersecurity frameworks, like those supplied by the Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology.

In the initial run of the grant program, states were required, either through direct disbursements or provision of cybersecurity services, to use 80% of their funding in support of local governments, a recognition that local governments were in greatest need of support. Ogles pointed out on Monday that many local governments, particularly those with small populations or those located in rural areas, are “now squarely in the sights” of malign foreign actors and that “that is not a fair fight and it’s not a sustainable model for national security.”