- Bipartisan bill would continue a $1 billion cybersecurity grant program.
- Legislation strengthens support for state, local, and tribal governments.
- Artificial intelligence systems and operational technology are added to eligible uses.
- The program is extended through fiscal year 2035 under the PILLAR Act.
Thursday, December 4, 2025 — On December 1 and 2, 2025, members of Congress announced bipartisan legislation to renew the State and Local Cybersecurity Grant Program, a federal initiative that has distributed $1 billion over four years to help state, local, tribal, and territorial governments improve cybersecurity protections. The effort is led by Senator Maggie Hassan of New Hampshire and Senator John Cornyn of Texas, who helped create the original program in 2021.
Senator Hassan
stated on December 1 that state and local governments continue to encounter evolving cyber threats that jeopardize essential services, including school systems, utilities, and emergency response infrastructure. She noted that the program has provided important resources to strengthen defenses and that renewed authorization would allow this work to continue.
Senator Cornyn echoed that concern in his December 2 announcement, stating that the digital threat landscape has grown more hazardous. He highlighted that Texas has received close to 40 million dollars through the program since 2021, including nearly 13 million dollars in fiscal year 2024, the most of any state.
The program is administered jointly by the Cybersecurity and Infrastructure Security Agency and the Federal Emergency Management Agency. Funding supports planning, new staffing, service improvements, cybersecurity exercises, and other measures that help governments reduce risks to information systems.
House-Passed PILLAR Act Extends the Program Through Fiscal Year 2035.
The House of Representatives passed related legislation on November 17, 2025. Known as the Protecting Information by Local Leaders for Agency Resilience Act or the PILLAR Act, the bill would continue the grant program through fiscal year 2035. It would also expand the types of systems eligible for support, including operational technology systems and systems that use artificial intelligence. These systems must be maintained, owned, or operated by or on behalf of state, local, or tribal governments.
The PILLAR Act clarifies that grant funds may not be used to purchase software, hardware, or other products outside the relevant guidance issued by the Cybersecurity and Infrastructure Security Agency. It also increases the federal cost share for governments that deploy multifactor authentication and identity and access management tools for critical infrastructure by a specified deadline.
Grant recipients would be required to file annual reports describing their progress in assuming long-term responsibility for cybersecurity programs once federal funds are fully spent. The Government Accountability Office would periodically review the program, including how artificial intelligence technologies are adopted across a sample of grants.
The bill directs the Cybersecurity and Infrastructure Security Agency to expand outreach, with specific attention to governments in rural communities and areas with smaller populations. Outreach must include information about the agency’s no-cost cybersecurity services.
Legislative Status and Next Steps.
The PILLAR Act passed the House by voice vote on November 17, 2025. It was then received in the Senate on November 18 and referred to the Senate Committee on Homeland Security and Governmental Affairs. Legislative consideration is expected to continue in the coming months.
If enacted, the combined proposals from Senators Hassan and Cornyn and the House-passed PILLAR Act would give state, local, tribal, and territorial governments a longer planning horizon, expanded eligibility for modernized technology, and clearer expectations for the long-term sustainability of cybersecurity programs.
Frequently Asked Questions
What is the State and Local Cybersecurity Grant Program?
It is a federal program created in 2021 that provides grant funding to state, local, tribal, and territorial governments to strengthen cybersecurity protections for government information systems.
How much funding has the program provided to date?
The program has distributed one billion dollars over four years. Texas has received the highest amount of any state, totaling roughly forty million dollars over that period.
What changes does the PILLAR Act include?
The bill extends the program through fiscal year 2035, makes operational technology and artificial intelligence systems eligible for funding, increases the federal cost share for certain security upgrades, and adds reporting and oversight requirements.
Can grant funds be used for any cybersecurity product?
No. Funds cannot be used to purchase hardware, software, or related services that do not comply with guidance from the Cybersecurity and Infrastructure Security Agency.
What oversight is required under the PILLAR Act?
The Government Accountability Office must periodically review the program, including the use of artificial intelligence across selected grant projects.
What happens next in the legislative process?
The Senate will review the legislation through the Committee on Homeland Security and Governmental Affairs. If advanced by the committee and later passed by the full Senate, the bill would move toward final consideration.
