US State Officials Push for Renewal of State and Local Cybersecurity Grant Program (SLCGP)

State Officials Warn of Cyber Crisis, Urge Congress to Renew Critical Grant Program

INFORMATIONAL
May 22, 2026
June 15, 2026
4m read
Policy and ComplianceRegulatoryOther

Related Entities(initial)

Organizations

U.S. CongressHouse Committee on Homeland SecurityCenter for Democracy and Technology

Other

State and Local Cybersecurity Grant Program (SLCGP)Anthropic

Full Report(when first published)

Executive Summary

Cybersecurity leaders from multiple U.S. states have issued a stark warning to Congress: failure to renew the State and Local Cybersecurity Grant Program (SLCGP) will leave local governments dangerously exposed to cyberattacks. During a House Committee on Homeland Security hearing, officials from Florida, New York, and Tennessee described being overwhelmed by threats from ransomware gangs and nation-state actors, a situation being exacerbated by the rise of AI-powered attack tools. The SLCGP, a $1 billion program, is a critical lifeline that helps under-resourced state, local, tribal, and territorial (SLTT) governments bolster their defenses. Lawmakers are considering the Protecting Information by Local Leaders for Agency Resilience Act to reauthorize the program, but officials stress that without this federal support, the message to local governments is that they are 'on their own' against global threats.

Regulatory Details

  • Program: State and Local Cybersecurity Grant Program (SLCGP)
  • Funding: $1 billion over four years (initially).
  • Purpose: To provide federal funding to SLTT governments to develop and strengthen their cybersecurity capabilities, including developing cybersecurity plans, implementing security controls, and improving incident response.
  • Status: The program is facing expiration, and officials are pushing for its renewal and reauthorization.
  • Proposed Legislation: The 'Protecting Information by Local Leaders for Agency Resilience Act' is a bill aimed at reauthorizing the grant program, potentially with modified structure and oversight to ensure funds are spent effectively.

Affected Organizations

All State, Local, Tribal, and Territorial (SLTT) governments across the United States are affected. These entities are responsible for critical infrastructure, including water utilities, election systems, schools, and emergency services. They are often under-resourced and lack the cybersecurity expertise and budget of federal agencies or large corporations, making them attractive targets for cybercriminals.

Compliance Requirements

To receive SLCGP funds, SLTT governments are typically required to:

  1. Establish a Cybersecurity Planning Committee.
  2. Develop and submit a statewide Cybersecurity Plan.
  3. Assess and identify gaps in their current cybersecurity posture.
  4. Implement security controls aligned with frameworks like the NIST Cybersecurity Framework.
  5. Report on how the grant funds are used to address the identified gaps.

The proposed reauthorization may add more stringent requirements for reporting and measuring the effectiveness of the spending.

Implementation Timeline

The original SLCGP was established as a multi-year program. If Congress does not act to reauthorize it, the funding will cease, and states will no longer be able to apply for new grants. The timeline for renewal is urgent, as states plan their budgets and security projects years in advance. A lapse in funding could force them to abandon critical security initiatives mid-stream.

Impact Assessment

The potential impact of not renewing the SLCGP is severe:

  • Increased Vulnerability: SLTT governments will be less able to defend against ransomware, which can cripple local services like schools, hospitals, and emergency response.
  • Resource Disparity: The gap between the capabilities of attackers (including nation-states) and defenders will widen, especially as adversaries leverage AI to scale their attacks.
  • Inconsistent National Defense: Cybersecurity is a collective defense issue. Weaknesses at the local level can be exploited to impact national security. A successful attack on a local utility or transportation system has national implications.
  • Loss of Momentum: States have used SLCGP funds to build foundational cybersecurity programs. The loss of funding would halt this progress and could lead to the decay of capabilities already built.

Enforcement & Penalties

This is not a matter of penalties for non-compliance, but rather the consequences of inaction by Congress. The 'penalty' for failing to renew the program will be paid by citizens in the form of disrupted public services, stolen data, and taxpayer money being paid out in ransoms.

Compliance Guidance

For SLTT governments, the guidance is to:

  1. Advocate: Continue to communicate the importance of the SLCGP to their federal representatives.
  2. Prioritize: Use existing funds and resources to address the most critical risks first. This means protecting critical infrastructure, securing sensitive data, and developing and testing incident response plans.
  3. Collaborate: Pool resources with other local jurisdictions. Organizations like the Multi-State Information Sharing and Analysis Center (MS-ISAC) can provide valuable support and threat intelligence.
  4. Plan for Uncertainty: Develop contingency budgets and security roadmaps that account for both the presence and absence of future federal grant money. Focus on low-cost, high-impact improvements like implementing MFA, user training, and network segmentation.

Timeline of Events

1
May 22, 2026
This article was published

Article Updates

June 15, 2026

MS-ISAC faces crisis, losing thousands of state and local government members due to federal funding cuts, increasing vulnerability.

Update Sources:
cybersecuritydive.comMS-ISAC enters uncertain new era after losing federal funding and thousands of members

Sources & References(when first published)

US states urge Congress to renew cybersecurity grants
IAPP (iapp.org) May 22, 2026
State Cyber Leaders to Congress: Renew the SLCGP
GovTech (govtech.com) May 22, 2026

Article Author

Jason Gomes

Jason Gomes

• Cybersecurity Practitioner

Cybersecurity professional with over 10 years of specialized experience in security operations, threat intelligence, incident response, and security automation. Expertise spans SOAR/XSOAR orchestration, threat intelligence platforms, SIEM/UEBA analytics, and building cyber fusion centers. Background includes technical enablement, solution architecture for enterprise and government clients, and implementing security automation workflows across IR, TIP, and SOC use cases.

Threat Intelligence & AnalysisSecurity Orchestration (SOAR/XSOAR)Incident Response & Digital ForensicsSecurity Operations Center (SOC)SIEM & Security AnalyticsCyber Fusion & Threat SharingSecurity Automation & IntegrationManaged Detection & Response (MDR)
LinkedIn

Tags

SLCGPCybersecurity GrantUS CongressPolicyGovernmentState and Local Government

📢 Share This Article

Help others stay informed about cybersecurity threats

🎯 MITRE ATT&CK Mapped

Every tactic, technique, and sub-technique used in this threat has been identified and mapped to the MITRE ATT&CK framework for consistent, actionable threat language.

🧠 Enriched & Analyzed

Observables and indicators of compromise (IOCs) have been extracted and cataloged. Risk has been assessed and correlated with known threat actors and historical campaigns.

🛡️ Actionable Guidance

Detection rules, incident response steps, and D3FEND-aligned mitigation strategies are included so your team can act on this intelligence immediately.

🔗 STIX Visualizer

Structured threat data is packaged as a STIX 2.1 bundle and can be visualized as an interactive graph — relationships between actors, malware, techniques, and indicators.

Sigma Generator

Sigma detection rules are derived from the threat techniques in this article and can be converted for deployment across any major SIEM or EDR platform.