Senator Hassan & Congresswoman Clarke Secure State and Local Cybersecurity Grant Program in Bipartisan Infrastructure Package

Source: United States Senator for New Hampshire Maggie Hassan

November 06, 2021

WASHINGTON – U.S. Senator Maggie Hassan (D-NH), Chair of the Emerging Threats Subcommittee, and Congresswoman Yvette Clarke (NY-09) today applauded the inclusion of their state and local cybersecurity grant program in the bipartisan infrastructure package that is now headed to the President’s desk.

“A cyberattack on state or local governments can put schools, electrical grids, and crucial services in jeopardy,” said Senator Hassan. “I have heard directly from New Hampshire local leaders who are eager to strengthen their cybersecurity, but do not have the resources to do so, which is why this new grant program is so important. I look forward to the President signing into law our groundbreaking, bipartisan infrastructure bill that includes our state and local cybersecurity grant program.”

“Cyber attacks have increased at a rapid pace this year and pose a persistent threat to our national security. Ransomware attacks, in particular, have wreaked havoc on state and local governments across the country, disrupting essential government services. The State and Local Cybersecurity Improvement Act is an essential step to ensure our state and local governments are not left to fend for themselves,” said Congresswoman Yvette D. Clarke, Chairwoman of the Homeland Security Committee’s Cybersecurity, Infrastructure Protection, & Innovation Subcommittee. “I am proud of the bipartisan support this bill has received – including the sponsors in the House Representatives Katko, Kilmer, Garbarino, Ruppersberger, Kilmer, and Thompson – and pleased to see it included in the infrastructure package that is headed to the President’s desk.” 

The State and Local Cybersecurity Improvement Act in the bipartisan infrastructure package authorizes a new grant program at the Department of Homeland Security dedicated to improving cybersecurity for state, local, tribal, and territorial entities. This grant program, which will provide $1 billion over 4 years, will be administered by the Federal Emergency Management Agency (FEMA), to take advantage of existing grant systems and expertise, while the Cybersecurity and Infrastructure Security Agency (CISA) would provide cybersecurity subject matter expertise. Representative Clarke introduced the State and Local Cybersecurity Improvement Act in the House in May, following a hearing exploring the impact of ransomware on state and local governments. Senator Hassan has long pushed for this program, and in June led a subcommittee hearing – which included testimony from the New Hampshire Sunapee School District Superintendent – on why this grant program is so important.

Many state and local governments lack the resources to address the increased pace of cyberattacks, with most states only spending 1-3 percent of their overall IT budgets on cybersecurity, compared to about 16 percent for federal agencies. A dedicated grant program will enable state, local, and tribal governments to prioritize cybersecurity investments.

The State and Local Cybersecurity Improvement Act will:

  • Authorize $1 billion over four years to enable state, local, and tribal governments to prioritize cybersecurity investments.
  • Require states to distribute at least 80 percent of funds to local governments, including 25 percent of funds to rural areas.
  • Require states and tribes to submit to CISA a cybersecurity plan, which outlines on how the state or tribe will improve its cybersecurity.
    • This plan must be approved by the state or tribes’ Cybersecurity Planning Committee, which includes representatives from local entities that will help bring more diverse perspectives to the table and improve coordination.

###