$300 Million Cyber Grant Reauthorization: Federal Share Set at 60% for State/Local Digital Defenses in FY 2026

The State and Local Cybersecurity Grant Program Reauthorization Act is essentially a funding renewal and update for the federal programs that help state, local, and tribal governments beef up their digital defenses. This bill authorizes $300 million for these grant programs for fiscal year 2026, ensuring that the critical infrastructure we all rely on—from utility grids to election systems—can keep up with modern threats. It also sets the specific federal share of the cost for that year: 60% for state and local government grants, and a higher 70% for Tribal government grants (SEC. 2).

Keeping the Lights On: Why Your Local Government Needs This Cash

Think about what happens when a city or county gets hacked. It’s not just a headline; it’s the DMV shutting down, the water treatment plant running on manual, or schools losing access to critical data. These grants are the funding mechanism that allows local governments—who often run on tight budgets—to hire security experts, buy necessary software, and train their staff. By setting the federal share at 60% for state/local governments, the bill clarifies that for every $100,000 spent on cybersecurity improvements, the federal government will foot $60,000 of the bill, leaving the state or locality to cover the remaining $40,000 (SEC. 2). This cost-sharing model encourages investment while requiring local buy-in.

The Tribal Advantage and Budget Certainty

One notable detail is the higher federal share for Tribal governments, set at 70%. This recognizes the often more limited resources and unique needs of Tribal entities when facing sophisticated cyber threats. For these governments, a $100,000 security project would require only $30,000 in local funds, a significant boost. The overall authorization of $300 million for FY 2026 (SEC. 3) provides crucial budget certainty for these programs, allowing state and local Chief Information Security Officers (CISOs) to plan complex, multi-year projects without worrying if the funding stream will suddenly dry up.

The Chemical Security Extension

In a seemingly unrelated move, the bill also includes a one-year extension for the Chemical Facility Anti-Terrorism Standards (CFATS) program, pushing its authorization deadline from September 30, 2025, to September 30, 2026 (SEC. 4). CFATS is the program that regulates high-risk chemical facilities across the country to prevent them from being targets of terrorism. While this extension keeps the existing security framework in place for another year, it is a temporary fix. For the companies regulated by CFATS—the manufacturers, distributors, and utilities that handle hazardous chemicals—this means continued compliance under the current rules, delaying any potential comprehensive overhaul of the program until 2026.