A bipartisan pair of senators introduced a bill on Monday to reauthorize a federal cybersecurity grant program for state and local governments.
The State and Local Cybersecurity Grant Program Reauthorization Act, from Sens. Maggie Hassan, D-N.H., and John Cornyn, R-Texas, would reauthorize the program of the same name, which expired on Oct. 1 and was then temporarily renewed through Jan. 30 in the latest government funding bill.
State and local officials have called the grant program vital to their cybersecurity efforts. Local governments are on the front lines of protecting U.S. water supplies and other critical infrastructure, but many of them lack the resources to hire dedicated security personnel or pay for expensive monitoring and response services.
The program “has given states and localities critical resources to strengthen their cyber defenses,” Hassan said in a statement.
There is bipartisan support for renewing the grant program, given the widespread state and local advocacy for it. In November, the House passed a reauthorization bill and sent it to the Senate. Both that bill and the Hassan-Cornyn legislation have been referred to the Senate Homeland Security Committee. A spokesperson for the committee’s chairman, Rand Paul, R-Ky., did not immediately respond to a request for comment about his position on the grant program.
Growing threats, growing need
The latest effort to revive the grant program comes as hackers increasingly target state and local government offices, which manage sensitive data and important infrastructure but lack robust defenses and often have a wide range of basic vulnerabilities.
State and local governments “are under constant cyber and physical attack from a wide range of adversaries, including nation-state actors, cybercriminals, and hacktivists,” the Multi-State Information Sharing and Analysis Center (MS-ISAC), a collaboration group for state and local officials, said in a February report. “These threats are increasingly sophisticated, multidimensional, and capable of disrupting essential services such as healthcare, education, water, and emergency response.”
Ransomware gangs, in particular, have gravitated toward attacking local governments. In recent years, major cyberattacks have struck Atlanta, Baltimore, Columbus, Dallas and New Orleans, along with other cities in states such as Michigan, New York and Texas. A 2023 Sophos study charted a significant increase in attacks on state and local governments that outpaced the overall trend.
Meanwhile, the federal government has reduced its support for state and local governments. The Cybersecurity and Infrastructure Security Agency recently stopped funding the MS-ISAC, forcing the group to adopt fees that have driven away many of its most resource-constrained — and thus most vulnerable — members. And the Trump administration’s layoffs and buyouts have eliminated many CISA employees who worked closely with state and local governments.