U.S. Sen. Maggie Hassan

WASHINGTON – U.S. Sen. Maggie Hassan, chair of the Emerging Threats and Spending Oversight Subcommittee, successfully led efforts to create and fund a state and local cybersecurity grant program in the recently released bipartisan infrastructure package.

The State and Local Cybersecurity Improvement Act authorizes a new grant program at the Department of Homeland Security dedicated to improving cybersecurity for state, local, tribal, and territorial entities. This grant program, which will provide $1 billion over 4 years, would be administered by the Federal Emergency Management Agency (FEMA), to take advantage of existing grant systems and expertise, while the Cybersecurity and Infrastructure Security Agency (CISA) would provide subject matter expertise. Senator Hassan has long pushed for this program, and in June led a subcommittee hearing on why this grant program is so important.

“State and local governments need more resources to prevent cyberattacks that can devastate their ability to carry out day-to-day functions that citizens rely on, from protecting school data to keeping utilities up and running,” Senator Hassan said. “I am pleased to have secured $1 billion in the bipartisan infrastructure package to help provide state and local entities with the resources that they need to protect their online systems from attack. I will keep working with my colleagues on both sides of the aisle to move this bipartisan infrastructure bill forward and deliver on the priorities that I hear about from Granite Staters.”

Hassan has led efforts to start a state and local cybersecurity grant program, most recently holding a hearing on this in the Emerging Threats and Spending Oversight Subcommittee. The hearing included testimony from Sunapee School District Superintendent Russ Holden, who Senator Hassan invited to testify on how the District navigated a 2019 cyberattack. After ransomware attacks hit Strafford County and Sunapee School District in New Hampshire, Senator Hassan met with officials to discuss what more the federal government can do to help prepare for and combat these attacks.

Many state and local governments lack the resources to address the increased pace of cyberattacks, with most states only spending 1-3 percent of their overall IT budgets on cybersecurity, compared to about 16 percent for federal agencies. A dedicated grant program will enable state, local, and tribal governments to prioritize cybersecurity investments.

The State and Local Cybersecurity Improvement Act would:

Authorize $1 billion over four years to enable state, local, and tribal governments to prioritize cybersecurity investments.

Require states to distribute at least 80 percent of funds to local governments, including 25 percent of funds to rural areas.

Require states and tribes to submit to CISA a cybersecurity plan, which outlines on how the state or tribe will improve its cybersecurity.

This plan must be approved by the state or tribes’ Cybersecurity Planning Committee, which includes representatives from local entities that will help bring more diverse perspectives to the table and improve coordination.

Hassan has prioritized efforts to address state and local cybersecurity threats as a member of the Senate Homeland Security and Governmental Affairs Committee (HSGAC) and the bipartisan Senate Cybersecurity Caucus. The latest National Defense Authorization Act, which is now law, included a bipartisan amendment that Senator Hassan introduced to create a cybersecurity state coordinator in each state. Furthermore, in an effort to bolster cybersecurity within the federal government, Senators Hassan and Rob Portman (R-OH) passed into law the bipartisan Hack DHS Act, which establishes a bug bounty pilot program – modeled off of similar programs at the Department of Defense and major tech companies – that uses vetted “white-hat” or ethical hackers to help identify unique and undiscovered vulnerabilities in the Department of Homeland Security (DHS) networks and information technology. The Senators also passed into law their bipartisan Public-Private Cybersecurity Cooperation Act, which complements the Hack DHS Act by requiring DHS to establish a cyber-vulnerabilities disclosure program so that vulnerabilities in DHS’ cyber systems can be easily reported and fixed.

Newsletter