The State and Local Cybersecurity Grant Program (SLCGP) was launched as part of the 2021 infrastructure law to help states and localities bolster their cybersecurity defenses. State and local agencies hold incredibly sensitive data yet historically lack the budget and staff to implement modern security tools and approaches, making them a target for threat actors. The SLCGP was designed to bridge this gap, allowing states to bolster their cyber infrastructure. Funding for this program is set to expire in September 2025, leaving states worried about how they will continue to maintain and enhance their cybersecurity postures.
What is the SLCGP?
The Cyber Grant Program is jointly administered by the DHS's Federal Emergency Management Agency and the Cybersecurity and Infrastructure Security Agency. It requires states to funnel 80% of the funding to local governments, which are often the shortest on IT staff and funding, to ensure the equitable distribution of funding across organizations.
What has the SLCGP achieved?
A Government Accountability Office (GAO) report detailed that as of August 1, 2024, the SLCGP program had funded 839 projects, covering a wide range of security needs. This represented $172 million in grants provided to 33 states and territories.
The report found that the federal agencies and applicants met all the grant program's requirements and that the programs were aligned with the voluntary National Institute of Standards and Technology Cybersecurity Framework.
Of that funding, $42 million went to projects related to identifying risks, which includes risk assessment and asset management. Forty-three projects for detecting cybersecurity events received $22 million in funding, and 52 governance projects that included cybersecurity policy, oversight, and workforce investments received $12 million.
Some project examples:
- Minnesota invested in expanding its Security Operations Center (SOC) to provide 24/7 monitoring and response for participating municipalities, including school districts and counties.
- Utah used funds to develop a centralized cybersecurity service that local governments can opt into, providing them with threat detection, incident response, and security operations support.
- North Carolina conducted vulnerability and risk assessments across multiple municipalities to inform local cybersecurity strategies.
- Maryland created a "community of practice" for wastewater utilities.
- Texas developed tools to streamline the reporting and tracking of cybersecurity incidents across jurisdictions.
Now that these cyber programs are implemented, states are working on how to continue to maintain and grow them.
What's next?
State and local leaders have been vocal in urging Congress to reauthorize the SLCGP to help support the progress state and local agencies have made in the past three years. Without federal support, the GAO report found that smaller towns and cities may be "deciding between spending on paving roads or cybersecurity practices." In fact, Minnesota has identified $10.8 million in funding from cybersecurity grants at risk, which are crucial for protecting approximately 55,000 devices across 200 agencies.
Building funding into state budgets is difficult because there is no clear mandate about what percentage of funding should go to cybersecurity. This means that all cybersecurity funding has to be weighed against other priorities.
To meet cybersecurity funding shortfalls, states are looking into other grant programs as well as seeking partnerships with private sector entities to share resources and expertise.
To stay on top of cybersecurity trends for state and local agencies, check out these resources from GovEvents and GovWhitePapers.
- Maryland Digital Government Summit 2025 (June 9, 2025; Hanover, MD) - This event brings together public-sector leaders and technology professionals to explore innovative solutions to solve government problems. Key themes include cybersecurity, digital transformation, AI implementation, data governance, and fostering collaboration across multiple stakeholders.
- Illinois IT Leadership Forum 2025 (June 10, 2025; Springfield, IL) - This event is designed for current and emerging public-sector IT leaders to explore technological advancements that drive government innovation.
- Public Sector Cyber AI Convergence Summit (June 18, 2025; Reston, VA) - This session delves into AI's role in identifying vulnerabilities, predicting potential threats, and enhancing decision-making processes in cyber defense. Panelists will share actionable insights from real-world applications, showcasing how AI supports mission-critical operations and drives resilience across the public sector.
- SANS 2025 Government Security Forum (July 22, 2025; webcast) - Gain intelligence, tools, and real-world strategies needed to defend your agency against next-generation cyber threats.
- Generating Opportunity: The Risks and Rewards of Generative AI in State Government (white paper) - Generative AI is rapidly shaping the future of state government, presenting both opportunities and challenges for CIOs. States are beginning to explore AI for tasks like cybersecurity, document management, and call-center assistance, but adoption must be guided by clear policies and responsible oversight. As AI becomes more integrated into public-sector operations, state leaders must strike a balance between innovation and accountability to maximize its benefits while mitigating risks.
- Evolution of Law Enforcement: Powered by Technology (white paper) - Law enforcement agencies are facing a tough balancing act with too few resources, too much data, and rapid technological change. AI introduces efficiencies as well as challenges, including data overload and cybersecurity concerns. Learn how law enforcement organizations are adopting AI-driven automation, cloud solutions, and integrated digital platforms to improve efficiency, compliance, and proactive crime prevention.
For more information on cybersecurity for state and local agencies, search for additional events and resources on GovEvents and GovWhitePapers.
