Penelope Iroko Table of Contents
The Cybersecurity Grant Program is back before Congress after expiring on October 1, with bipartisan support to restore funding for state and local defenses. Temporary dollars run through January 30.
Senators Maggie Hassan and John Cornyn introduced a reauthorization bill, mirroring House action in November, to keep critical aid flowing to resource‑constrained agencies.
Local leaders argue renewed funding is needed as ransomware and disruptive intrusions strain limited staff, tools, and incident response capacity.
Cybersecurity Grant Program: What You Need to Know
- Congress weighs bipartisan reauthorization to sustain state and local cyber funding amid persistent ransomware risks and shrinking federal support services.
Recommended tools for public‑sector security teams
- Bitdefender – Endpoint protection to block malware and ransomware.
- 1Password – Enterprise password management and secure access.
- Tenable – Discover and prioritize vulnerabilities across assets.
- EasyDMARC – Email authentication to cut spoofing and phishing.
Why the Cybersecurity Grant Program matters now
State and local agencies operate essential services, water, healthcare, and public safety, yet many lack 24/7 monitoring and specialized staff.
The Cybersecurity Grant Program targets baseline gaps, funding detection, response, and resilience projects that harden high‑value assets.
Backers say it has given jurisdictions foundational capabilities otherwise out of reach. This aligns with urgent needs in state local government cybersecurity, where underfunded teams face sophisticated adversaries.
Ransomware and other threats are surging
Ransomware attacks on local governments continue to rise, with city halls and services in Atlanta, Baltimore, Columbus, Dallas, and New Orleans repeatedly disrupted. A 2023 Sophos study reported attacks on state and local governments increasing faster than the overall trend.
The Multi‑State Information Sharing and Analysis Center warned that nation‑states, criminals, and hacktivists can disrupt healthcare, education, water, and emergency response. For context on ransomware‑as‑a‑service and evolving tactics, see recent analyses.
Agencies aiming to strengthen response can review guidance on cyber incident response and consider advanced countermeasures such as AI‑assisted ransomware defense.
Where Cybersecurity Grant Program reauthorization stands in Congress
The House passed a reauthorization bill in November and sent it to the Senate. Senators Hassan (D‑N.H.) and Cornyn (R‑Texas) introduced a companion measure, the State and Local Cybersecurity Grant Program Reauthorization Act.
Both are before the Senate Homeland Security and Governmental Affairs Committee. A spokesperson for Chair Rand Paul (R‑Ky.) did not comment on timing.
Lawmakers are working to finalize the Cybersecurity Grant Program before temporary funding ends on January 30.
Federal support has shrunk as risks grow
At the same time, broader federal assistance has contracted. CISA recently ceased funding for the MS‑ISAC, triggering membership fees that have strained the most resource‑constrained jurisdictions.
Past layoffs and buyouts also reduced CISA roles that historically supported state and local partners. In this context, the Cybersecurity Grant Program remains a key lifeline to offset gaps in services and tooling.
How the Cybersecurity Grant Program helps on the ground
Grants enable smaller municipalities and large cities to execute practical projects when budgets fall short. Typical investments include:
- Modernizing asset inventories and vulnerability management
- Deploying endpoint detection and response across fleets
- Implementing secure backup and recovery strategies
- Expanding 24/7 SOC monitoring and incident response planning
Recovery is complex and costly; see this post‑ransomware recovery overview and practical steps to defend against ransomware for actionable guidance aligned with grant priorities.
Implications of renewing the Cybersecurity Grant Program
Advantages:
Reauthorization would preserve momentum from earlier awards and continue raising baseline security across networks, identities, and data.
Multi‑year grants help agencies prioritize patching, segmentation, logging, and incident readiness while tackling widely exploited weaknesses.
Challenges:
Reliance on time‑limited federal dollars complicates staffing and long‑term planning, and demand routinely outstrips available funds.
Without complementary federal services such as low‑cost information‑sharing and no‑fee monitoring, the Cybersecurity Grant Program alone may not close gaps in the smallest jurisdictions.
Strengthen your cyber program with vetted platforms
Conclusion
Congressional action on the Cybersecurity Grant Program comes as ransomware and disruptive intrusions threaten essential public services. Local agencies need predictable investments to sustain hardening and response.
With House passage in hand, attention shifts to the Senate Homeland Security and Governmental Affairs Committee to advance reauthorization before the January 30 funding deadline.
Continued support for the Cybersecurity Grant Program, paired with collaboration and fundamentals, will determine how well states and municipalities withstand the next wave of attacks.
Questions Worth Answering
What does the Senate bill do?
- It reauthorizes the Cybersecurity Grant Program to fund state and local improvements in prevention, detection, and incident response.
Why do local governments need dedicated cyber funds?
- They protect critical infrastructure and sensitive data but often lack staff, tools, and 24/7 monitoring to manage escalating threats.
What is the current legislative status?
- The House approved reauthorization in November. The Hassan‑Cornyn bill and the House measure await action in the Senate Homeland Security and Governmental Affairs Committee.
Who supports reauthorization?
- Bipartisan lawmakers, state CISOs, and municipal leaders back renewal given rising attack frequency and constrained budgets.
How does this intersect with ransomware trends?
- Ransomware frequently disrupts local services; grant dollars help fund resilience, staff training, EDR, backups, and incident response plans.
What changed with MS‑ISAC support?
- CISA stopped funding MS‑ISAC, introducing fees that have pressured smallest members, heightening reliance on the Cybersecurity Grant Program.
About the Multi‑State Information Sharing and Analysis Center (MS‑ISAC)
MS‑ISAC is the nationwide cyber threat‑sharing hub for U.S. state, local, tribal, and territorial governments.
Its reports highlight sophisticated adversaries capable of disrupting essential services and operations.
Recent funding shifts have limited access for the most resource‑constrained members.
About Maggie Hassan
Sen. Maggie Hassan represents New Hampshire and focuses on cybersecurity, infrastructure, and innovation policy.
She co‑sponsored the Senate bill to reauthorize the Cybersecurity Grant Program for state and local agencies.
Her bipartisan work with Sen. John Cornyn underscores broad support for the program’s renewal.
Explore more trusted solutions: Optery, Tenable, Foxit – streamline privacy, exposure management, and secure documents in one move.
