Congress Considers Bills to Reauthorize State and Local Cybersecurity Grant Program

Key Takeaways

December 1 Update: On December 1, the U.S. Senate introduced a reauthorization bill for the State and Local Cybersecurity Grant Program (SLCGP), titled the State and Local Cybersecurity Grant Program Reauthorization Act. Introduced by Sen. Maggie Hassan (D-N.H.) and Sen. John Cornyn (R-Texas), the bill has now been referred to the U.S. Senate Committee on Homeland Security and Governmental Affairs. Passage of reauthorization for the SLCGP is a key priority for NACo, and counties urge Congress to pass reauthorization for the program as well as allocate appropriations to support the program.  

November 17 Update: On November 17, the U.S. House passed the PILLAR Act by voice vote, which would reauthorize the SLCGP through 2033. The PILLAR Act was introduced on a bipartisan basis and passed out of the House Homeland Security Committee without opposition in September. 

Original Post: On September 4, the U.S. House Homeland Security Committee introduced and passed the Protecting Information by Local Leaders for Agency Resilience (PILLAR) Act (H.R. 5078), which would extend authorization for State and Local Cybersecurity Grant Program (SLCGP) through 2033. The SLCGP is a key federal program that provides direct funding and in-kind assistance to counties for cybersecurity needs. The program is currently set to expire on January 30, 2026. 

What is the SLCGP?

The SLCGP is a cybersecurity planning grant program that helps states and localities adapt solutions to help monitor and track threats across information technology systems. The SLCGP was authorized and funded for a four-year period under the Bipartisan Infrastructure Law, with its expiration date of September 30 2025 extended to January 30 2026 under the Continuing Resolution signed into law in early November. 

States are the primary applicants to the SLCGP, and states are required to provide a combination of funding and in-kind services and program access via pass-through to local governments within 60 days of the receipt of funds. The program as currently authorized is administered via a partnership between the U.S. Department of Homeland Security and the Federal Emergency Management Agency.  

What is new in this reauthorization bill?  

The reauthorization bill provides several changes and additions to the SLCGP, including: 

• Changes to the federal cost-share, where 60% of fundable activities will be covered by the grant program for single-entity applicants and 70% of fundable activities will be covered by the grant program for multi-entity applicants.  
• Inclusion of conditional language to the cost-share, where the federal cost-share is increased by five percentage points if the state (or multi-entity group) has fully implemented multi-factor authentication by October 1 2027.  
• Expansion of eligible use areas for funding, to include support for operational technology systems in addition to information technology, and eligibility for technology systems utilizing artificial intelligence
• Creation of an outreach plan to local governments to provide information on no-cost cybersecurity resources available from the administering agency
• Enhanced mechanisms for information-sharing, to include agreements established through the U.S. Department of Homeland Security State, Local, and Regional Fusion Center Initiative 

Notably, the bill does not include appropriations. Funding levels would be determined annually through the congressional appropriations process, which is a departure from the initial authorization of the program through BIL, which provided advance appropriations for a period of four years. 

What should counties know?  

NACo supports reauthorization of the SLCGP and calls on Congress to include adequate appropriations for the SLCGP to ensure the program remains operational. Reliability and flexibility within the SLCGP will allow counties to plan and facilitate effective cybersecurity plans with confidence. NACo will continue to inform members as updates arise.