Today, we’re thrilled to sit down with Donald Gainsborough, a political savant and leader in policy and legislation, who heads Government Curated. With a deep understanding of cybersecurity challenges facing state and local governments, Donald offers invaluable insights into the urgent need to bolster defenses through programs like the State and Local Cybersecurity Grant Program and the recently introduced PILLAR Act. In this conversation, we explore the significance of federal support for cybersecurity, the innovative measures proposed to protect critical infrastructure and emerging technologies, the looming threats of cyberattacks, and the collaborative efforts required to safeguard our communities.
What can you tell us about the State and Local Cybersecurity Grant Program and its role in supporting government entities at the local level?
The State and Local Cybersecurity Grant Program is a lifeline for many governments that manage critical services but often lack the resources to defend against digital threats. Established through the 2021 infrastructure law, it provides federal funding to help states and localities strengthen their cybersecurity posture. This program is vital because it addresses a gap where many local entities, especially smaller ones, struggle to keep up with sophisticated attacks. It has funded nearly 840 projects so far, ranging from policy development to equipment upgrades and hiring specialized contractors. For rural communities with tight budgets, this support means they can implement basic protections, like multi-factor authentication, without breaking the bank.
How does the PILLAR Act aim to build on this foundation, and what are its primary objectives?
The PILLAR Act, or the Protecting Information by Local Leaders for Agency Resilience Act, is a bipartisan effort to reauthorize this grant program for another decade. Its primary goal is to ensure sustained federal support for cybersecurity at the state and local levels while introducing measures to stabilize funding through cost-sharing agreements—60% federal for single entities and 70% for multi-entity groups. It also pushes for broader adoption of security practices like multi-factor authentication across government systems, including critical infrastructure. Additionally, it emphasizes outreach to smaller communities, ensuring they aren’t left behind in the fight against cyber threats.
Why is there such a pressing need to reauthorize this program before its funding expires at the end of September 2025?
The urgency stems from the immediate risk of a funding lapse, which could derail ongoing cybersecurity initiatives. If the program isn’t reauthorized by the deadline, states and localities might lose access to critical resources needed to maintain or upgrade their defenses. This isn’t just a local issue—it’s a national security concern. Adversaries are constantly probing for weaknesses, and a gap in funding could expose vulnerabilities in systems that manage everything from power grids to emergency services. The potential for increased attacks from nation-state actors only heightens the stakes.
In what ways does the PILLAR Act address emerging challenges like protecting critical infrastructure and technologies such as AI?
The PILLAR Act recognizes that cybersecurity isn’t just about protecting data—it’s about safeguarding the systems that keep our society running. It explicitly includes provisions for critical infrastructure and operational technology, as well as AI systems, which are increasingly integrated into government operations. This focus is crucial because AI, while a powerful tool for efficiency, introduces new risks if not secured properly. The legislation encourages proactive measures to ensure these technologies are resilient against attacks, preserving public trust and preventing disruptions in essential services.
What are some of the biggest cybersecurity challenges state and local governments face today?
State and local governments are on the front lines of a growing array of cyber threats, with ransomware and data breaches being among the most common. These attacks can cripple local services—think power outages, water supply disruptions, or delayed emergency responses. Many of these entities lack the in-house expertise or funding to respond effectively, making them easy targets. Beyond the technical challenges, there’s also the issue of coordination; ensuring consistent security practices across diverse jurisdictions is a monumental task that requires both resources and collaboration.
Can you elaborate on the kind of support the PILLAR Act and the grant program have received from various stakeholders?
The support for reauthorizing this program has been remarkably broad and bipartisan, reflecting its importance. Organizations like the National Association of State Chief Information Officers have been vocal advocates, emphasizing how these grants have been instrumental in bolstering cyber defenses. Other groups, including tech and cybersecurity coalitions, have also backed the effort through open letters and public statements. Their push for swift passage underscores a shared understanding that delaying action could have severe consequences for government security and public safety.
How important is collaboration in making this cybersecurity program effective across different levels of government?
Collaboration is absolutely essential. The grant program mandates the creation of cybersecurity planning committees that bring together representatives from state and local governments, academia, nonprofits, and the private sector. This structure fosters strategic partnerships, ensuring that diverse perspectives shape cybersecurity strategies. Without this teamwork, efforts can become fragmented, leaving gaps that attackers can exploit. The PILLAR Act builds on this by encouraging even more outreach and coordination, particularly to underserved areas.
What is your forecast for the future of state and local cybersecurity if initiatives like the PILLAR Act are successfully implemented?
If the PILLAR Act passes and is adequately funded, I believe we’ll see a significant strengthening of cybersecurity at the state and local levels over the next decade. With sustained federal support, governments can build more robust defenses, adopt cutting-edge technologies securely, and better protect critical services. We could also see a reduction in successful attacks as smaller communities gain access to resources previously out of reach. However, the threat landscape will continue to evolve, so ongoing adaptability and collaboration will remain key to staying ahead of adversaries.
