Key Takeaways
- A Connecticut town thwarted a potential cyber intrusion in real‑time because staff recognized early warning signs and activated an existing incident‑response plan.
- Prior to the State and Local Cybersecurity Grant Program (SLCGP), many local governments relied on outdated equipment, lacked multifactor authentication, phishing testing, and detailed response plans.
- The SLCGP, funded by the 2021 Infrastructure Investment and Jobs Act, allocates $1 billion (2022‑2025) with 80 % earmarked for local governments and 25 % for rural communities.
- Connecticut used SLCGP funds to create incident‑response templates, deploy multifactor authentication, provide endpoint detection‑and‑response tools, and mandate periodic cybersecurity assessments.
- Louisville, Kentucky, leveraged its subgrant to hire a full‑time red‑team engineer and a threat‑intelligence specialist, shifting from reactive to proactive defense.
- Despite the program’s success, its future is uncertain: Congress extended the SLCGP through September 2026 without new funding, and reauthorization bills remain stalled.
- IT leaders call for a longer, consistently funded grant, a steady federal‑state cost‑share model, and investments in a statewide security operations center and AI‑resilient defenses.
- Officials agree that the SLCGP has markedly improved local‑government cyber readiness and hope for its renewal in any form.
Incident Response Success in a Connecticut Town
In a midsized Connecticut municipality, a cursor drifted across a government workstation screen despite no one touching the mouse or sitting at the device. The anomalous movement triggered the town’s trained personnel, who recognized the early signs of a possible hack. Thanks to a pre‑existing incident‑response plan, they isolated the affected system and shut down the threat “in a matter of moments,” preventing what could have escalated into a major cybersecurity event. State CIO Mark Raymond highlighted this episode as proof that preparedness and training can stop attacks before they cause damage. The swift containment underscored the value of having clear procedures and staff who know how to act when something looks amiss.
State of Local Government Cybersecurity Before the SLCGP
A few years earlier, a statewide evaluation of local governments’ cybersecurity in 2020 painted a grim picture. Raymond recalled that many entities were “doing the minimum, or, in some cases, not the minimum.” While some larger towns maintained solid defenses, most struggled with aging hardware that could not be patched, neglected multifactor authentication, and rarely conducted phishing tests to educate employees. Detailed incident‑response plans were almost nonexistent, leaving localities vulnerable to prolonged disruption when attacks did occur. The assessment made clear that without external assistance, many municipalities would continue to operate with significant security gaps.
Launch and Structure of the State and Local Cybersecurity Grant Program
To address these deficiencies, Congress passed the State and Local Cybersecurity Grant Program (SLCGP) as part of the 2021 Infrastructure Investment and Jobs Act. The program earmarks $1 billion for state and local cybersecurity needs from FY 2022 through FY 2025. Funding flows primarily from states to local governments via direct subgrants, shared‑services arrangements, or other mechanisms, ensuring that resources reach the entities most in need. Notably, 80 % of the grant is designated for local governments, with an additional 25 % set aside specifically for rural communities. This targeting aimed to close the disparity between well‑resourced urban centers and smaller, often underfunded jurisdictions.
Connecticut’s Use of SLCGP Funds
In Connecticut, the SLCGP enabled the state to move beyond theoretical best‑practice discussions and deliver concrete tools to municipalities. One of the first actions was assisting local governments in drafting incident‑response plans that outline step‑by‑step actions during a cyber incident. The state also rolled out multifactor authentication services, which add a critical layer of verification beyond passwords, and deployed endpoint detection‑and‑response (EDR) solutions that continuously monitor devices for malicious activity and automatically remediate threats. Furthermore, the grant required periodic cybersecurity assessments, compelling towns and cities to regularly evaluate their posture and identify improvement areas. Raymond described the program as “dramatically needed” and “very impactful,” crediting it with raising the baseline security maturity across the state.
Louisville Metro Government’s Proactive Shift
Louisville Metro Government in Kentucky provides a vivid example of how the grant can transform defensive posture. CIO Chris Seidt explained that, prior to the subgrant, the city‑cyber team operated mainly in a reactive mode, focusing on day‑to‑day network defense and incident response. With SLCGP funding, Louisville created two new, full‑time positions: a red‑team engineer and a threat‑intelligence specialist. The red‑team engineer adopts an attacker’s mindset, continuously probing the government’s network for exploitable weaknesses and reporting them for immediate patching—an activity that would otherwise rely on infrequent third‑party assessments. The threat‑intelligence specialist cultivates relationships with public‑ and private‑sector partners to gather early warnings about emerging threats. Seidt noted that while no specific incident has been definitively averted, the proactive stance reduces the likelihood of ever reaching a crisis point. Grant money will sustain these roles through the end of 2026, after which Louisville hopes to secure general‑fund appropriations to keep them permanent.
The Ongoing Cybersecurity Challenge
Despite the gains realized through the SLCGP, IT officials warn that cybersecurity remains an ever‑evolving battle. Raymond observed that state and local governments were never designed to fend off international adversaries, yet that is precisely the threat landscape they now face. Compounding the difficulty, staffing cuts at the federal Cybersecurity and Infrastructure Security Agency (CISA) have reduced the pool of experts available to assist localities. Additionally, the Multi‑State Information Sharing and Analysis Center (MS‑ISAC), which previously offered free cybersecurity services, lost federal funding at the close of the previous year, leaving a gap in shared threat intelligence. These pressures underscore the need for sustained, long‑term investment rather than short‑term infusions.
Future Prospects and Legislative Outlook
The SLCGP’s authorization was extended through September 2026 by a February 2026 law, but no new appropriations were attached. Two reauthorization bills remain pending: one introduced in November 2025 seeking to extend the program through FY 2026, and another from September 2025 proposing a multi‑year renewal. As of April 2026, neither bill has cleared both chambers of Congress. The House passed the PILLAR Act in November 2025, which would fund the program through FY 2033 and establish a consistent federal‑state cost‑share ratio—a change Raymond advocates for to simplify budgeting for local governments. The Senate’s alternative bill would merely reauthorize the SLCGP for FY 2026 without additional funds. Stakeholders urge swift action, warning that lapses in funding could erase the progress made over the past few years.
Recommendations for a Strengthened Grant Program
Looking ahead, IT leaders propose several refinements to make any future grant more effective. Raymond recommends locking in a stable cost‑share percentage between federal and state/local partners, eliminating the annual fluctuations that complicate accounting for municipalities. He also argues for a longer grant horizon—beyond the current three‑year window—to give localities sufficient time to assemble their required matching contributions and plan multi‑year investments. Seidt emphasizes the growing role of artificial intelligence in cyber attacks and urges allocating resources for AI‑driven defense tools, such as machine‑learning‑based anomaly detection and automated response platforms. Both officials envision a statewide security operations center that could offer 24/7 threat monitoring, vulnerability scanning, and incident‑response support to smaller jurisdictions that lack the scale to build such capabilities in‑house.
Conclusion: Caution Optimism
Overall, the State and Local Cybersecurity Grant Program has demonstrably improved the cyber readiness of Connecticut towns, Louisville’s metro government, and countless other local entities across the nation. By turning abstract best practices into tangible assets—incident‑response plans, multifactor authentication, continuous monitoring, and dedicated expert staff—the program has shifted many governments from a reactive stance to a proactive defensive posture. While the legislative future remains uncertain, the consensus among IT leaders is clear: the SLCGP has been immensely beneficial, and its renewal—whether through the PILLAR Act, another bipartisan effort, or a new funding mechanism—is essential to safeguard communities against an increasingly sophisticated and persistent cyber threat landscape.