Securing Progress: Sustaining Cybersecurity Advances for the Future

Key Takeaways

  • Federal cybersecurity grants (SLCGP) successfully expanded state and local defenses but created sustainability challenges as funding winds down.
  • States are implementing stopgap strategies like phased funding, shared-service models, and increased local cost shares to delay the "funding cliff."
  • Local governments express significant concern about affording maintained capabilities without federal support, risking a shift to weaker, cheaper alternatives.
  • Associations like NASCIO advocate for $300 million in additional SLCGP funding and long-term authorization via bills such as the PILLAR Act and SLCGP Reauthorization Act.
  • State officials urge future grant programs to prioritize sustainable funding, reduce administrative complexity, and treat cybersecurity as core critical infrastructure.

Federal cybersecurity grants have significantly bolstered state and local government defenses in recent years, but leaders now face a pressing challenge: maintaining these enhanced capabilities as the State and Local Cybersecurity Grant Program (SLCGP) nears its end. This sustainability dilemma emerged prominently during a panel discussion at the ISAC Annual Summit 2026, where cybersecurity officials from Kansas, Minnesota, and Tennessee shared insights gained as the program’s funding rounds conclude. While agencies and municipalities continue to expend awards from earlier SLCGP allocations, the focus has sharply shifted toward ensuring the cybersecurity tools, partnerships, and maturity assessments built with federal dollars do not deteriorate once the money stops flowing. The core question driving state strategy is whether local governments can absorb the full operational costs of these services independently without compromising security posture.

Tennessee’s Experience: Expanding Capabilities Through Centralized Tools
In Tennessee, SLCGP funding was instrumental in deploying managed detection and response (MDR) tools across the state, creating a more unified system for monitoring and mitigating ransomware threats, as explained by Deputy CISO Aimé Nsengiyumva. This centralized approach allowed for better threat intelligence sharing and faster incident response coordination between state and local entities. Beyond technology, the grants also strengthened formal state-local partnerships and facilitated routine cybersecurity maturity assessments, helping jurisdictions identify weaknesses and prioritize improvements. However, Nsengiyumva highlighted the looming uncertainty: while the initial investment created valuable infrastructure, the ongoing costs of licensing, analyst staffing, and tool updates now fall primarily on local budgets. The state’s success in expanding capabilities is now tempered by the practical question of whether counties and cities can sustain these advanced services long-term without continued federal subsidization.

Minnesota’s Strategy: Gradual Cost-Sharing and Local Affordability Fears
Minnesota is actively testing a sustainability approach centered on gradually increasing the local cost share for SLCGP-funded services, a strategy articulated by State CISO John Israel. The idea is to ease communities into assuming financial responsibility over time, preventing a sudden shock when federal support ends. Despite this forward-looking plan, Israel voiced significant apprehension, noting he is "already hearing from local governments that they’re worried about that cliff … that they’re worried about having to shift to something cheaper and less costly." This fear underscores a critical tension: while states aim to build local ownership, many municipalities—particularly smaller, rural, or under-resourced ones—may lack the tax base or technical expertise to maintain sophisticated cybersecurity operations at current levels. Israel emphasized that advocating for continued, sustainable federal funding is essential because the burden of securing local networks has effectively been placed "on the backs of these local governments," and expecting them to shoulder the full cost abruptly could undermine hard-won gains.

Kansas’ Critique: Streamlining Administration for Long-Term Effectiveness
Drawing from Kansas’ role in administering SLCGP funds, CISO John Godfrey offered a pointed critique of the program’s current structure, arguing that future iterations must prioritize sustainability and simplicity. He identified specific pain points: frequently changing Notice of Funding Opportunity (NOFO) requirements, overlapping oversight from multiple federal agencies, and disruptions like federal government shutdowns that created avoidable complexity and delayed implementation. Godfrey contended that treating cybersecurity grant programs more like established critical infrastructure initiatives—such as those for water systems or energy grids—would enhance their long-term viability. This means advocating for stable, multi-year funding cycles, reducing burdensome matching fund requirements that strain local budgets, and streamlining administrative processes to ensure more grant money flows directly to security outcomes rather than bureaucratic hurdles. His perspective underscores that the effectiveness of federal support depends not just on the amount of money but also on how efficiently and predictably it is delivered.

The Push for Continued Federal Support and Legislative Momentum
Recognizing the imminent risk of capability decay, key associations are intensifying efforts to secure additional federal investment. The National Association of State Chief Information Officers (NASCIO) is leading a push for Congress to approve another $300 million specifically for the SLCGP, arguing that sustained funding is non-negotiable to preserve cybersecurity gains in local and rural communities, which often lack alternative resources. This advocacy is gaining traction as lawmakers consider related legislative vehicles, including the PILLAR Act (Promoting Interoperability and Leveraging Long-Term Adaptability and Resilience) and the SLCGP Reauthorization Act. Panelists noted that momentum is building around the concept of long-term program authorization—moving beyond annual appropriations to create a more predictable funding stream. Such a shift, they argue, would allow states and localities to engage in genuine multi-year planning for cybersecurity resilience rather than scrambling to patch together short-term solutions as each grant cycle ends.

Conclusion: Balancing Progress with the Imperative of Endurance
The collective experience shared at the ISAC Summit reveals a clear narrative: federal grants like SLCGP have been catalytic in elevating state and local cybersecurity posture, enabling advancements in threat detection, partnership building, and risk assessment that would likely not have occurred at the same scale or speed without this investment. However, the program’s winding down has exposed a fundamental vulnerability—capabilities built on transient federal funding are inherently fragile if local entities cannot independently afford their maintenance. States are actively experimenting with bridges to sustainability, from Minnesota’s gradual cost-sharing to Kansas’ calls for administrative simplification, but these are viewed as temporary measures. The overwhelming consensus among officials is that without continued, reliable federal commitment—whether through reauthorization of SLCGP, new dedicated funding streams, or treating cybersecurity as an enduring critical infrastructure priority—the hard-earned progress made in recent years risks eroding, leaving communities increasingly exposed to evolving cyber threats as they confront the daunting prospect of the "funding cliff." The challenge now is transforming short-term grant success into lasting, locally sustainable security resilience.
