{"id":15468,"date":"2026-01-14T10:21:00","date_gmt":"2026-01-14T10:21:00","guid":{"rendered":"https:\/\/newestek.com\/?p=15468"},"modified":"2026-01-14T10:21:00","modified_gmt":"2026-01-14T10:21:00","slug":"cybersecurity-at-the-state-and-local-level-washington-has-the-framework-its-time-to-act","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=15468","title":{"rendered":"Cybersecurity at the state and local level: Washington has the framework, it\u2019s time to act"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

The White House\u2019s March 2025 Executive Order (EO) on \u201cAchieving Efficiency Through State and Local Preparedness<\/a>\u201d raised an issue of utmost importance for national security and our critical infrastructure.<\/p>\n

As noted in the order, \u201cfederal policy must rightly recognize that preparedness is most effectively owned and managed at the state, local and even individual levels, supported by a competent, accessible and efficient federal government.\u201d<\/p>\n

Despite claims from various cybersecurity leaders that the March EO is a federal retreat on information technology security, has funding gaps and lacks implementation clarity and expertise at the local level, the president is correct: Local jurisdictions are best positioned to anticipate their electronic security needs, understand their unique weaknesses, vulnerabilities and risks, and are best suited to develop and implement an incident response, mitigation and recovery plan based on their unique circumstances.\u00a0<\/p>\n

Congress is right, too. In 2021, it established the State and Local Cybersecurity Grant Program (SLCGP) to \u201caward grants to eligible entities to address cybersecurity risks and cybersecurity threats to information systems owned or operated by, or on behalf of, state, local or tribal governments.\u201d<\/p>\n

The SLCGP authorizes $1 billion over four years to help state, local, tribal and territorial governments reduce systemic cyber risks and requires a pass-through of at least 80 percent of those funds to local governments, while reserving 25 percent of those funds for rural jurisdictions. A key component of the SLCGP ties any disbursement of funds to the Cybersecurity Infrastructure and Security Agency\u2019s (CISA) approval of a state\u2019s cybersecurity plan. That proposal must meet the requirements set forth in the SLCGP, such as implementation of the National Institute of Standards and Technology (NIST) cybersecurity framework.<\/p>\n

This September, the Homeland Security Committee \u2014 with bipartisan support \u2014 introduced the Protecting Information by Local Leaders for Agency Resilience Act(PILLAR Act, H.R. 5078), which seeks to not only extend SLCGP for 10 years, but also provide long\u2011term stability and funding, strengthen milestone\u2011based accountability, expand its scope to AI and operational technology, and clarify cost\u2011sharing between federal and state governments.\u00a0<\/p>\n

Combined, the March 2025 EO and the SLCGP create a framework that will succeed if implemented in tandem. Unfortunately, that\u2019s not what happened. In January 2025, the Office of Management and Budget directed all federal agencies to \u201ctemporarily pause all activities related to obligations or disbursement of all federal financial assistance.\u201d This effectively ended all SLCGP disbursements and left it and the EO as unfunded mandates. But that\u2019s not quite where this story ends. As part of the re-opening of the government in November, the SLCGP was potentially resurrected when its authorization was extended to January 30. This is a crucially important development.\u00a0<\/p>\n

Now is the time to act and bring SLCGP fully back to life through the PILLAR Act. With our adversaries already embedded in our critical infrastructure (see Salt and Volt Typhoon, advanced persistent threat actors tied to China\u2019s government), and the recent deployment of AI as a cyber-super-weapon \u2014 as demonstrated by Anthropic\u2019s recent announcement of how its Claude AI was manipulated by Chinese state-sponsored hackers to conduct a large-scale attack executed almost entirely by AI agents \u2014 states and local jurisdictions are even more vulnerable. This is not simply a matter of funding; it\u2019s a matter of national security.<\/p>\n

There should not be much debate as to whether states will utilize SLCGP effectively; they already have the data. As of August 1, 2024, according to the Government Accountability Office, \u201cthe Department of Homeland Security provided approximately $172 million in grants to 33 states and territories\u201d and \u201c[t]he grants are funding 839 state and local cybersecurity projects that align with core cybersecurity functions as defined by [NIST],\u201d including developing cybersecurity plans and policies, employing cybersecurity contractors, upgrading equipment and implementing multi-factor authentication.\u00a0<\/p>\n

The passage of the PILLAR Act will also enhance CISA\u2019s reach, even with its reduced workforce and limited resources, by making it a force multiplier because it can now focus on oversight \u2014 approving state cybersecurity tactics, setting standards and guiding and monitoring priorities \u2014 while state, local and tribal governments execute the day-to-day implementation.<\/p>\n

Not mentioned in the PILLAR Act, but something practical and easily executed as part of the SLCGP, is local governments partnering with private and public universities to tap into a pipeline of students trained in cybersecurity strategy (e.g., law, policy, risk management, governance) and emerging technologies such as artificial intelligence, resulting in lower costs for the local governments, hands-on experience for students and community building and outreach between local governments and universities.\u00a0<\/p>\n

The PILLAR Act has bipartisan support, and the president\u2019s March 2025 EO reinforces everything contained within it. We now have the framework for securing our state, local and tribal governments. Let\u2019s get this done immediately, as the stakes have never been higher and our national security depends on it.\u00a0<\/p>\n

This article is published as part of the Foundry Expert Contributor Network.
<\/strong>Want to join?<\/strong><\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

The White House\u2019s March 2025 Executive Order (EO) on \u201cAchieving Efficiency Through State and Local Preparedness\u201d raised an issue of utmost importance for national security and our critical infrastructure. As noted in the order, \u201cfederal policy must rightly recognize that preparedness is most effectively owned and managed at the state, local and even individual levels, supported by a competent, accessible and efficient federal government.\u201d Despite… <\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-15468","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15468","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15468"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15468\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15468"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15468"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15468"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}