WASHINGTON D.C. –– Today, Subcommittee on Cybersecurity and Infrastructure Protection Chairman Andrew Garbarino (R-NY) delivered the following opening statement in a hearing to assess the State and Local Cybersecurity Grant Program (SLCGP), which is administered by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA). Members will also explore opportunities for Congress, in partnership with the Trump administration, to ensure the preparedness and resiliency of state and local governments against cyberattacks.

Watch Chairman Garbarino’s full opening statement in a hearing entitled, “Cybersecurity is Local, Too: Assessing the State and Local Cybersecurity Grant Program.”  

As prepared for delivery:

The threat of cyberattacks to U.S. networks and critical infrastructure is real and rising. Microsoft’s 2024 Digital Defense Report estimates that its customers are targeted with more than 600 million attacks per day from nation-states and criminal actors.

For years, the intelligence community has warned of the threat of state-sponsored cyber actors engaging in malicious activities against our critical infrastructure.

As we’ve seen, these warnings have become a reality. With the persistent threat that groups like the Typhoons pose to IT and OT assets, any critical infrastructure sector could be the next to fall victim to attacks, or have its data seized through a phishing scheme.

As cyber actors become increasingly sophisticated and persistent, we can no longer be complacent when it comes to securing our critical infrastructure. We must take all steps necessary to ensure our nation’s cyber preparedness and resilience. In doing so, it is essential that our state and local government partners are similarly well-situated to respond to these threats.

Despite often lacking resources and qualified talent for cybersecurity, state and local governments host the key pieces of critical infrastructure that keep our economy running. If left unprotected, this presents a huge vulnerability.

To help state and local governments improve their cybersecurity postures, Congress passed the State and Local Cybersecurity Grant Program in 2021. Since this program began, $838 million has been allocated to address cybersecurity risks and threats to information systems owned and operated by, or on behalf of, state, local, and territorial governments.

The State and Local Cybersecurity Grant Program is set to expire this September, at which point the Program will not continue to receive federal funding unless reauthorized by Congress.

As we have heard from many stakeholders, this Program has undoubtedly improved––and sometimes even established––the cybersecurity posture of our states and localities. I am encouraged by the progress and applaud the efforts of our state and local governments to seize this opportunity to prioritize cybersecurity.

With that said, we know that the Program does not come without its challenges. As we consider reauthorization, we want to understand any administrative burdens or barriers to ensure state, local, and territorial governments can focus on cyber resiliency and preparedness.

To that end, it is also Congress’s responsibility to evaluate whether the State and Local Cybersecurity Grant Program is the most efficient and effective means of strengthening the cybersecurity posture of state, local, and territorial governments. I am here with an open mind—and a vested interest––in understanding how the Program is working.

Cybersecurity is a whole-of-society challenge, meaning the Federal government must continue to support and strengthen cybersecurity at the state and local levels to protect our nation’s networks and critical infrastructure. State and local governments must also continue to share information with each other. They play an important role in disseminating best practices, which could greatly benefit organizations with less mature cybersecurity programs.

I want to thank our witnesses––who have had first-hand experience with the State and Local Cybersecurity Grant Program––for being here today.  

I look forward to hearing your perspectives on the Program, and to working with you to strengthen our collective defense against cyber threats.

###