Civic News
Budgets / Cybersecurity / Federal government / Municipal government

The US House just passed a bill to incentivize cybersecurity planning for state and local gov

The State and Local Cybersecurity Improvement Act hopes to make protection from ransomware attacks a budget priority.

Baltimore County Public Schools was another institution to face ransomware. (Photo by Christiaan Colen)

The U.S. House of Representatives passed a bill last week that hopes to prepare cities across the country for ransomware attacks.

The $400 million grant program to be administered by the Department of Homeland Security (DHS) would incentivize cities to invest in cybersecurity to avoid the disruption that hit the City of Baltimore following its 2019 ransomware attack.

The State and Local Cybersecurity Improvement Act, H.R.3138, was drafted by a group including Rep. C.A. Dutch Ruppersberger, who represents Maryland’s 2nd Congressional District comprising parts of Howard, Harford, Baltimore, and Anne Arundel Counties, as well as small portions of the City of Baltimore. Other bipartisan representatives hail from Alabama, New York, Washington, Louisiana and Texas.

The bill doesn’t create the grant program per se, as a Ruppersberger spokesperson told, but directs the DHS secretary to create it, with stipulation including that recipients need a cybersecurity plan and must build maintenance of it into their own budgets.

“Already, [cybercriminals] have been able to disrupt medical treatment, remote learning and public transportation in the middle of a pandemic and things will get a lot worse if we don’t take action now,” Ruppersberger said in a statement. “I want to thank my colleagues for supporting this legislation to give state and local governments the resources they need to invest in cybersecurity, protecting citizens and tax dollars.”

Less than 3% of overall state IT budgets go to cybersecurity according to the 2020 Deloitte-NASCIO Cybersecurity Study. Baltimore, for its part, saw its IT budget get a boost in funding for FY2020 and 2021 following its big attack.

BCIT’s budget allocation saw a boost in 2020. (Screenshot from FY2021’s budget hearing)

Along with plenty of other civic horror stories from around the country, Baltimore County School District also shut down from a ransomware attack as recently as November 2020. It’s no doubt there’s a real need for increased cybersecurity systems. Next up, we’ll see if the senate sees it as a big enough issue to appropriate the millions in funds.

Here’s the full text of the bill:

This bill requires the Cybersecurity and Infrastructure Security Agency (CISA) to establish the State and Local Cybersecurity Grant Program to address cybersecurity risks and threats to the information systems of state, local, or tribal organizations.

Eligible grant applicants (i.e., states and certain Indian tribes) must submit a cybersecurity plan—to be approved by CISA as a condition of disbursement—that describes how the applicant will use the funds to address cybersecurity risks and threats to their information systems. Grant funds must be used to implement, develop, or revise the applicant’s cybersecurity plan or to assist with activities that address imminent cybersecurity risks or threats.

CISA must establish a State and Local Cybersecurity Resilience Committee to provide state, local, and tribal stakeholder expertise, situational awareness, and recommendations to CISA on how to address cybersecurity risks and threats.

CISA must develop and maintain a resource guide for state, local, tribal, and territorial government officials to assist with identifying, preparing for, detecting, protecting against, responding to, and recovering from cybersecurity risks, threats, and incidents. In addition, CISA must develop and make publicly available a Homeland Security Strategy to Improve the Cybersecurity of State, Local, Tribal, and Territorial Governments.

Finally, CISA must assess the feasibility of implementing a short-term rotational program to detail approved state, local, tribal, and territorial government employees to CISA in cyber workforce positions.

Donte Kirby is a 2020-2022 corps member for Report for America, an initiative of The Groundtruth Project that pairs young journalists with local newsrooms. This position is supported by the Robert W. Deutsch Foundation.
Companies: City of Baltimore

Before you go...

Please consider supporting to keep our independent journalism strong. Unlike most business-focused media outlets, we don’t have a paywall. Instead, we count on your personal and organizational support.

3 ways to support our work:
  • Contribute to the Journalism Fund. Charitable giving ensures our information remains free and accessible for residents to discover workforce programs and entrepreneurship pathways. This includes philanthropic grants and individual tax-deductible donations from readers like you.
  • Use our Preferred Partners. Our directory of vetted providers offers high-quality recommendations for services our readers need, and each referral supports our journalism.
  • Use our services. If you need entrepreneurs and tech leaders to buy your services, are seeking technologists to hire or want more professionals to know about your ecosystem, has the biggest and most engaged audience in the mid-Atlantic. We help companies tell their stories and answer big questions to meet and serve our community.
Contribute to the journalism fund Preferred partners Our services

Join the conversation!

Find news, events, jobs and people who share your interests on's open community Slack


Public innovation should be an icon in Baltimore, like crabs or snowballs

5 local orgs with services and resources for startups and entrepreneurs

How 3 local orgs help founders and entrepreneurs build their networks

The end of software as technology

Technically Media