House passes state and local cyber grant bill, again

The U.S. House of Representatives on Tuesday approved legislation that would create a new grant program giving state and local governments $500 million annually to bolster their cybersecurity efforts. The State and Local Cybersecurity Improvement Act, which has been a longtime priority of the National Association of State Chief Information Officers, passed amid a growing focus from the federal government on ransomware and other threats to government and critical infrastructure.

Under the bill, the grants would be administered by the Cybersecurity and Infrastructure Security Agency, with recipients required to match a portion of any funding they receive. Giving CISA grant-making authority would be a substantial shift for the Department of Homeland Security’s relationships with state and local governments: Currently, states and localities use a portion of money they receive from the Homeland Security Grant program, which is run by the Federal Emergency Management Agency, on cyber-related activities. (Earlier this year, DHS Secretary Alejandro Mayorkas announced a slight increase in the percentage of FEMA grants required to be spent on cybersecurity.)

The bipartisan grant bill, which the House Homeland Security Committee introduced in May, passed Tuesday alongside several other pieces of legislation expanding CISA’s responsibilities, including its roles in mitigating risks to industrial control systems and informing the public about hardware and software vulnerabilities.

A similar grant bill passed the House last year but failed to move forward in the Senate. Since that time, though, state and local officials’ clamoring for direct cybersecurity funding has only increased under an ever-growing scourge of ransomware. A Senate companion to this year’s bill remains elusive, though after a Senate Homeland Security Committee hearing on the topic last month, Maggie Hassan, D-N.H., who’s focused on ransomware attacks against local governments and schools, said she’s had “productive” conversations with her colleagues on a grant program. Sen. Gary Peters, D-Mich., the committee’s chairman, said last week he plans to bring up additional cybersecurity legislation in the coming weeks, but did not name any specific bills, according to The Hill.

NASCIO, which lists cybersecurity grants as one of its top federal priorities, said “we applaud the House passage and look forward to the same in the Senate.” The proposed grant program is also popular with other organizations representing state and local government officials. Earlier this month, nine groups, including NASCIO, the National Governors Association and the National Association of Counties, sent a letter to congressional leaders asking them to include a new cybersecurity grant program in either an infrastructure spending package or government appropriations bill.