Republican lawmakers on the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection have issued a clear warning: the ransomware state local governments face is no longer a distant threat but a daily reality. As ransomware gangs, nation-state actors, and AI-enabled attacks increasingly target public infrastructure and essential services, the cyber threat landscape is intensifying at an alarming rate. This hearing, chaired by Rep. Andy Ogles, underscored the urgency of protecting the systems you rely on for water, emergency services, and transportation. State and local governments, however, are fighting this battle with limited budgets and cybersecurity staffing, making public infrastructure cybersecurity a pressing national concern.
The State and Local Cybersecurity Grant Program (SLCGP): A Critical Lifeline at Risk
Given these challenges, Congress created the State and Local Cybersecurity Grant Program (SLCGP) in 2021, allocating $1 billion over four years specifically to help shore up defenses at the state and local level. For many municipalities, this funding has been a practical lifeline, allowing them to invest in basic protections—like multi-factor authentication, staff training, and updated software—that they otherwise couldn’t afford on their own. But there’s a pressing deadline: the SLCGP expires in September unless Congress acts to reauthorize it.
What Is the SLCGP and Why Is It Expiring?
The SLCGP was designed to address a persistent gap in ransomware state local preparedness. Local governments often operate on tight budgets, leaving little room for dedicated cybersecurity staff or modern infrastructure. The grant program provides essential cybersecurity grant funding that helps these entities build resilience against attacks. Without it, many would be forced to scale back their security efforts, leaving critical systems—like emergency dispatch or public utilities—more vulnerable than ever. The program’s expiration isn’t just a bureaucratic issue; it’s a practical risk to your community’s safety.
The PILLAR Act: A Proposed Solution
To prevent this gap, Representative Ogles has voiced support for the PILLAR Act, a bill that aims to keep the program alive. However, Ogles has also emphasized that SLCGP reauthorization alone is not the complete answer. He stressed that simply continuing the funding isn’t enough—the program’s effectiveness must be assessed to ensure the money is actually making a difference. This means evaluating whether states and localities are using the grants to implement lasting improvements rather than just temporary fixes. The PILLAR Act represents a step forward, but it also signals that more oversight and accountability are needed to turn federal dollars into real-world protection against ransomware.
Adversaries Targeting State and Local Governments: From Nation-States to AI-Enabled Attacks
While the PILLAR Act aims to strengthen defenses, understanding who is behind the rising tide of attacks is just as important. Representative Ogles noted a sobering reality: state and local governments must defend against the same adversaries as the Intelligence Community, but with budgets and workforces that are a fraction of the size. These aren’t just petty criminals — they include well-funded nation-state actors and sophisticated ransomware gangs.
Which Adversaries Are Targeting U.S. State and Local Systems?
China, Russia, and Iran are among the nation-state cyber threats actively targeting local systems. Their goals vary from espionage and data theft to disruption of essential services. At the same time, ransomware gangs operate almost like businesses, seeking quick payouts by locking up critical data. The combination of nation-state cyber threats and profit-driven criminal groups means public infrastructure — from water utilities to school networks — is under constant siege. This is precisely why the ransomware state local dynamic has become such a pressing concern for lawmakers.
The Role of AI in Escalating Cyber Attacks
Artificial intelligence is reshaping both offensive and defensive cyber operations. Adversaries now use AI to automate phishing campaigns, churning out convincing emails at scale. They can also identify vulnerabilities in software far faster than a human could. This AI-powered ransomware is more adaptive and harder to spot. On the defensive side, AI tools help security teams detect anomalies, but the speed of offense often outpaces defense. For a small-town government with a lean IT staff, keeping up with these AI-driven threats can feel nearly impossible.
The Cybersecurity Staffing Crisis: Urban vs. Rural Disparities
This imbalance in resources creates a stark divide. Urban areas with larger tax bases can often afford dedicated cybersecurity teams and modern tools. But for many smaller communities, the picture is very different. Some rural counties operate without a single dedicated cybersecurity professional on staff. This isn’t just an IT inconvenience—it’s a critical vulnerability for the schools, emergency services, and transportation systems that residents depend on every day.
How Does the Staffing Shortage Compare Between Urban and Rural Areas?
The gap in cybersecurity staffing between city and country is severe. As Representative Ogles noted, state and local governments are expected to defend against the same sophisticated adversaries—including nation-state actors from China, Russia, and Iran—as the Intelligence Community. Yet they must do so with dramatically smaller budgets and workforces. A rural county with a single IT generalist simply cannot match the capabilities of a well-funded urban security operations center. This creates a clear disparity in urban vs rural cyber resources.
Adding to the challenge, many rural areas rely on aging infrastructure. Older systems are harder to patch and monitor, and they often lack the built-in security features of modern platforms. Meanwhile, access to federal support and grant programs can be uneven, leaving smaller jurisdictions to fend for themselves. This combination of limited staff, old equipment, and inconsistent funding makes these communities prime targets for ransomware attacks.
Immediate Steps for Municipal Leaders
If you manage IT for a smaller municipality or county, the situation may feel overwhelming, but there are practical first moves. Start by conducting a basic asset inventory—you cannot protect what you do not know you have. Next, prioritize patching known vulnerabilities in internet-facing systems. Even without a dedicated security hire, you can implement multi-factor authentication (MFA) on all administrative accounts. Many rural cybersecurity challenges can be partially addressed by joining regional information sharing groups, which provide threat intelligence and shared resources. These steps won’t close the entire gap, but they build a foundation that makes a ransomware attack much harder to pull off.
Federal Support Beyond the SLCGP: CISA and Coordination Mechanisms
Beyond the grant program, federal agencies like the Cybersecurity and Infrastructure Security Agency (CISA) offer resources, but access remains uneven. CISA provides tools, training, and incident response support that can help local governments strengthen their defenses. However, many municipalities, schools, emergency services, and transportation systems operate with limited cybersecurity staffing, aging infrastructure, and uneven access to federal support. This means that even when help is available, it doesn’t always reach the people who need it most.
What Federal Support Is Available Beyond the Grant Program?
CISA offers a range of practical services, including vulnerability scanning, risk assessments, and on-site assistance during an active incident. They also run training programs and share threat intelligence through information-sharing platforms. For a small city or rural school district, these resources can be a lifeline — but only if the local IT team knows they exist and has the bandwidth to use them. State and local governments often lack awareness or capacity to fully utilize these resources, which creates a gap between what’s offered and what’s actually implemented.
Assessing the Effectiveness of Current Programs
The hearing highlighted the need for better coordination and assessment of program effectiveness. Witnesses including Kristin Darby (Tennessee CIO), Colin Ahern (New York), Warren Sponholtz (Florida), and Samir Jain (Center for Democracy & Technology) discussed how fragmented support can leave smaller jurisdictions behind. Ogles emphasized that reauthorization alone is not enough and that program effectiveness must be assessed. Without clear metrics, it’s hard to know whether federal dollars and CISA support are actually reducing the ransomware state local threat. A more coordinated approach — with regular evaluations and clearer communication channels — could help ensure that every community gets the protection it needs.
Hearing Outcomes and Next Steps in Congress
The recent hearing chaired by Representative Andy Ogles brought together a diverse group of witnesses, including state and local leaders like Kristin Darby (Tennessee CIO), Colin Ahern (New York), Warren Sponholtz (Florida), and Samir Jain from the Center for Democracy & Technology. Their testimony painted a detailed picture of the ransomware state local challenge, highlighting both the practical hurdles and the potential solutions that could make a real difference. While the hearing produced valuable insights, the path forward in Congress is still being shaped.
What Did the Hearing Produce?
This congressional hearing outcome was clear: there is strong bipartisan recognition that the ransomware threat to state and local governments is escalating faster than many current defenses can handle. Witnesses shared concrete examples of how limited budgets and a shortage of cybersecurity staff leave smaller communities especially vulnerable. The discussion also touched on the need for better coordination between federal agencies and local entities, which is a key piece of the broader cybersecurity legislation next steps.
What Is the Next Step in Congress?
One of the most pressing items on the table is the State and Local Cybersecurity Grant Program (SLCGP), which is set to expire in September unless Congress acts. Representative Ogles has voiced support for the PILLAR Act, a bill that aims to extend and strengthen these grants. However, he also stressed that simple reauthorization is not enough. Ogles emphasized that Congress must assess how effectively the program is working and whether it is actually reducing the ransomware state local threat. This means the next legislative steps will likely involve a broader review of existing programs before any new funding is approved. For you, staying informed on these developments is key, as the outcome will directly affect the cybersecurity resources available in your community.
Frequently Asked Questions
How can a small town with no cybersecurity staff protect itself from ransomware?
Start with basic cyber hygiene. Use multi-factor authentication, keep software updated, and back up critical data offline. You can also join shared security services offered by state cybersecurity offices or regional information sharing groups. Even without dedicated staff, these low-cost steps significantly reduce ransomware risk for state local entities.
What is the State and Local Cybersecurity Grant Program (SLCGP) and why is it expiring?
The SLCGP provides federal funding to help state and local governments improve their cybersecurity defenses. It is set to expire because the initial authorization had a limited time frame, and new legislation would be needed to renew it. Without renewal, many smaller jurisdictions may lose a critical source of support for fighting threats like ransomware.
What role is AI playing in the rise of cyber attacks on local governments?
Attackers are using AI to automate reconnaissance and craft convincing phishing emails that bypass traditional filters. This makes it harder for resource-constrained local governments to detect threats early. You should expect AI-driven attacks to become more frequent, so investing in AI-powered defense tools can help level the playing field.
