The bill would reauthorize the State and Local Cybersecurity Grant Program under the Homeland Security Act for Fiscal Year 2026. It raises the federal cost-share for FY2026 to 60% in one grant pathway and 70% in another, increases an existing appropriation to $300 million for FY2026, and extends the program’s termination date to September 30, 2026.
The action preserves the program’s basic structure while shifting funding responsibility toward the federal government for the 2026 period.
Why it matters: States, cities, and other localities rely on these grants to modernize cybersecurity defenses for critical infrastructure and public safety systems. By increasing the federal share and guaranteeing funding through 2026, the bill reduces local budget pressures and provides continuity for ongoing projects, planning, and vendor contracts.
It also sets the stage for a potential longer-term reauthorization depending on future budget decisions and program performance.
At a Glance
What It Does
Amends Section 2220A to set FY2026 federal cost-share at 60% for one pathway and 70% for another, and to authorize $300 million for FY2026.
Who It Affects
State and local governments implementing cybersecurity grants, including CIO offices, public safety agencies, and infrastructure departments that manage grant programs.
Why It Matters
Increases federal participation in state/local cyber defenses for 2026, reducing local funding burdens and enabling more rapid modernization of critical infrastructure.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The Act reauthorizes the existing State and Local Cybersecurity Grant Program for Fiscal Year 2026 under the Homeland Security Act of 2002. It modifies how much of the project costs the federal government will cover and how much the state or locality must pay.
Specifically, it sets the FY2026 federal cost-share at 60% for one grant pathway and 70% for another, and it adds a dedicated appropriation of $300 million for FY2026 to support program activities. The termination date of the program is moved to September 30, 2026, ensuring continuity through that date and preventing an abrupt end to grants and related activities.
Practically, these changes mean state and local governments pursuing cybersecurity projects can lean more on federal funding in 2026, potentially accelerating modernization efforts for critical infrastructure, public safety communications, and IT resilience. The bill does not alter the program’s core eligibility or governance structure beyond those funding and timing adjustments, but it does raise expectations around administering and reporting grant-funded work within a constrained budget cycle.
Agencies administering the program will need to coordinate with DHS and ensure compliance with any revised reporting or oversight requirements accompanying the higher federal share.
The Five Things You Need to Know
The bill adds a FY2026, $300,000,000 appropriation to the program under 6 U.S.C. 665g(r)(1).
For FY2026, the federal cost-share rises to 60% under one grant pathway and 70% under another pathway.
The termination date for the program is shifted to September 30, 2026.
The act reauthorizes the State and Local Cybersecurity Grant Program within the Homeland Security Act of 2002.
This is a targeted, fiscal-year reauthorization; it does not enact a new long-term framework beyond FY2026.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Short Title
Sets the act’s short title as the State and Local Cybersecurity Grant Program Reauthorization Act, establishing the label used for citation and reference.
Federal Share
Amends Section 2220A(m)(1) to modify FY2026 cost-sharing. Subparagraph A pathway is updated to deliver a 60% federal share for FY2026 (new item v), while Subparagraph B pathway is updated to a 70% federal share for FY2026 (new item v). These changes effectively tilt funding toward federal support for state/local cybersecurity projects in FY2026.
Authorization of Appropriations
Amends Section 2220A(r)(1) to add a new paragraph (E) allocating $300,000,000 for FY2026. This ensures a dedicated funding stream for grant activities under the program in the coming fiscal year.
Termination
Amends Section 2220A(s)(1) to extend the program’s termination date to September 30, 2026, preserving grant access and program administration through that date and avoiding an abrupt sunset.
This bill is one of many.
Codify tracks hundreds of bills on Government across all five countries.
Explore Government in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- State governments’ homeland security offices and chief information officers will benefit from a higher federal cost-share, reducing the burden of matching funds and enabling more rapid cybersecurity upgrades.
- City and county IT and public-safety departments that administer or participate in state/local cybersecurity grants, especially those responsible for critical infrastructure protection.
- Regional cyber collaboration networks and intergovernmental bodies that rely on DHS grants to fund shared cyber defense initiatives.
- Public universities or other state-supported institutions that participate in grant-funded cybersecurity modernization projects.
Who Bears the Cost
- State and local governments, which maintain any remaining non-federal share of project costs (often 40% or 30% depending on the pathway).
- Grant-administrating agencies at the state and local level, which must manage compliance, reporting, and oversight with more substantial federal involvement.
- Rural or smaller jurisdictions that may face proportional administrative burdens and reporting requirements relative to their grant size.
Key Issues
The Core Tension
The central dilemma is balancing immediate federal investment in state/local cybersecurity with the cost and oversight implications for federal and local governments. Higher federal cost-shares can speed modernization, but they transfer more responsibility to federal agencies for program governance and accountability, while states still bear any remaining non-federal costs and administrative burdens.
The bill’s changes focus on funding and timing rather than restructuring program mechanics. A key question is how the higher cost-shares will be applied across different types of cybersecurity projects and whether the higher federal contribution will be matched by additional reporting or oversight requirements.
There is also an implicit trade-off: while more federal funding reduces local outlays, it increases federal exposure and the burden on administering agencies to ensure proper use of funds. The extension through 2026 provides continuity, but it does not guarantee a long-term solution beyond FY2026; agencies will still await future reauthorization decisions and appropriations.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.