House votes to reup cyber grant program

The House of Representatives on Monday passed legislation to reauthorize a federal grant program to strengthen state and local governments’ cybersecurity.

Lawmakers agreed by voice vote to reauthorize the State and Local Cybersecurity Grant Program for 10 years under the Protecting Information by Local Leaders for Agency Resilience Act, known as the PILLAR Act. The program, which expired at the end of September, had already received a temporary reauthorization as part of the deal to reopen the federal government.

The bipartisan legislation, which was introduced this summer, would also stabilize cost-sharing agreements for the grants so that the federal government would provide 60% of a grant to a single entity that applies and 70% for a multi-entity group, with states providing the rest. It advanced by a vote of 21-1 through a September markup in the House Homeland Security Committee.

“This is about strengthening the first line of defense in our nation’s cybersecurity,” Rep. Andy Ogles, a Republican from Tennessee who sponsored the bill, said on the House floor Monday. “We often focus on high-profile national systems, but the reality is that many of the services Americans depend on every single day are run by state and local governments. When a resident pays a utility bill online, when a police department dispatches an officer, when a hospital connects to a county network, all those activities rely on state and local systems that are now squarely in the sights of foreign adversaries and criminal groups.”

Funded initially with $1 billion from the bipartisan infrastructure law, the grant program has proven very popular over the last four years. The Government Accountability Office found in a report earlier this year that the program had helped fund 839 state and local cybersecurity projects as of Aug. 1, 2024, by which time the Department of Homeland Security had provided $172 million in grants to states out of a total $1 billion in funding.

House Committee on Homeland Security Chairman Andrew Garbarino, a Republican from New York, said the program “provides vital resources to bolster our local cyber defenses” and noted its bipartisan support in Congress as well as among state and local leaders.

“We have seen success through efforts such as deploying student-led regional security operations centers in partnership with community colleges to train local cyber talent and providing shared services across the state for end point detection and response capabilities, multi-factor authentication, and cybersecurity trainings, just to name a few,” he said in a statement after the PILLAR Act’s House passage.

The Senate still needs to vote on the bill, and President Donald Trump would need to sign it into law. The program also still requires funding to be appropriated, the level of which is yet to be determined.

A joint letter the Alliance for Digital Innovation, Better Identity Coalition, Cybersecurity Coalition, ITI and TechNet sent to lawmakers in September suggested establishing a stable funding stream of $4.5 billion over two years, noting that the “cost of inaction” would be even higher if Congress does not invest now in a national strategy.

The private sector has been enthusiastic about reauthorization. In an email before the House vote, Ryan Gillis, senior vice president and global head of government partnerships at cloud security company Zscaler, called reauthorization “an essential first step toward securing the federal portion of the investment needed to defend the systems that power our communities and support our military readiness.

“State and local governments are on the frontlines of asymmetric cyber warfare, and they cannot meet this challenge alone,” Gillis continued in an email.

Ogles said that, given the cyber threats that state and local governments face every day and the catastrophic consequences that can occur when they are attacked, the federal government needs to step up and help.

“When the local government falls victim to ransomware, or emergency services are delayed, or when a school district loses a student’s records and basic services are interrupted, citizens lose confidence in those institutions,” he said on the House floor. “This helps prevent those outcomes by equipping state and local leaders with the resources they need to prepare.”