U.S. House Passes Reauthorization Bill for the State and Local Cybersecurity Grant Program

Key Takeaways

On November 17, the U.S. House passed a reauthorization bill for the State and Local Cybersecurity Grant Program (SLCGP). The bill, which is named the Protecting Information by Local Leaders for Agency Resilience (PILLAR) Act (H.R. 5078), would extend authorization for the grant program through 2033. Passage of reauthorization for the SLCGP is a key priority for NACo, and counties urge Congress to pass reauthorization for the program as well as allocate appropriations to support the program. 

What is the SLCGP?

The SLCGP is a cybersecurity planning grant program that helps states and localities adapt solutions to help monitor and track threats across information technology systems. The SLCGP was authorized and funded for a four-year period under the Bipartisan Infrastructure Law, with its expiration date of September 30 2025 extended to January 30 2026 under the Continuing Resolution signed into law in early November. 

States are the primary applicants to the SLCGP, and states are required to provide a combination of funding and in-kind services and program access via pass-through to local governments within 60 days of the receipt of funds. The program as currently authorized is administered via a partnership between the U.S. Department of Homeland Security and the Federal Emergency Management Agency.  

What is new in this reauthorization bill?  

The reauthorization bill provides several changes and additions to the SLCGP, including: 

• Changes to the federal cost-share, where 60% of fundable activities will be covered by the grant program for single-entity applicants and 70% of fundable activities will be covered by the grant program for multi-entity applicants.  
• Inclusion of conditional language to the cost-share, where the federal cost-share is increased by five percentage points if the state (or multi-entity group) has fully implemented multi-factor authentication by October 1 2027.  
• Expansion of eligible use areas for funding, to include support for operational technology systems in addition to information technology, and eligibility for technology systems utilizing artificial intelligence
• Creation of an outreach plan to local governments to provide information on no-cost cybersecurity resources available from the administering agency
• Enhanced mechanisms for information-sharing, to include agreements established through the U.S. Department of Homeland Security State, Local, and Regional Fusion Center Initiative 

Notably, the bill does not include appropriations. Funding levels would be determined annually through the congressional appropriations process, which is a departure from the initial authorization of the program through BIL, which provided advance appropriations for a period of four years. 

What should counties know?  

NACo supports reauthorization of the SLCGP and calls on Congress to include adequate appropriations for the SLCGP to ensure the program remains operational. Reliability and flexibility within the SLCGP will allow counties to plan and facilitate effective cybersecurity plans with confidence. NACo will continue to inform members as updates arise.