House Hearing Scrutinizes Federal Cybersecurity Support as Threats Mount

Why it Matters

State and local governments are under siege from cyber criminals and nation-state actors, and Congress will now examine whether the federal government is pulling back precisely when those communities need it most. A hearing of the House Subcommittee on Cybersecurity and Infrastructure Protection on May 19 comes as the Cybersecurity and Infrastructure Security Agency (CISA) has slashed funding for the primary federal-state cyber coordination hub. In addition, a key federal grant program for local governments is set to expire, and county governments have recently been targeted by Iranian-linked hackers and ransomware operators. When a county IT network goes down, residents lose access to emergency services, court records, and public health systems.

The Funding Cuts Driving the Debate

A series of federal funding decisions have left state and local governments more exposed. CISA cut approximately $10 million annually from the Multi-State Information Sharing and Analysis Center (MS-ISAC), the primary federal cybersecurity collaboration hub connecting Washington with state and local governments. The agency also withdrew support for the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) in February 2026, according to the National Association of Counties.

Federal News Network reported in April that CISA's cyber partnerships with state and local governments now face a "standstill," compounded by the elimination of the Critical Infrastructure Partnership Advisory Council and Congress's failure to reauthorize the State and Local Cybersecurity Grant Program, which is funded only through the end of fiscal year 2026. The Information Technology and Innovation Foundation warned in late April that without predictable federal support, long-term planning and timely threat response at the local level "will remain challenging," with many agencies lacking a dedicated cybersecurity budget entirely.

Escalating Cyber Threats Hit Home

Winona County, Minnesota suffered a cyberattack on its government IT networks that was the second such incident in just three months, prompting Governor Tim Walz to authorize the Minnesota National Guard's cyber protection team to respond. MPR News described the attack as "part of a trend, as cybercriminals are increasingly targeting local units of government, which they see as lucrative targets." The Foundation for Defense of Democracies noted in May that governors are now routinely calling in the National Guard to respond to ransomware incidents, a sign of how severely local government cybersecurity capacity is being stretched.

Nation-state actors have also entered the picture. In April, St. Joseph's County, Indiana officials were informed via fax by Iranian-linked hackers claiming to have "completely taken control of the centralized IT infrastructure" of the county, according to reporting by the Foundation for Defense of Democracies. MS-ISAC stated there was "no clear evidence that the claim is legitimate," but Defense One reported that pro-Iran hackers appear to be increasing critical infrastructure attacks more broadly, with agencies warning that Iranian-linked groups are targeting programmable logic controllers (PLCs) across multiple U.S. critical infrastructure sectors.

The 2026 NASCIO-Deloitte Cybersecurity Study, covering all 50 states, the District of Columbia, and the U.S. Virgin Islands, found that state chief information security officers (CISOs) are less confident than ever in their ability to safeguard data assets. One officer quoted in the study said, "With the rising adoption of AI and agentic AI, the speed at which attacks are occurring is accelerating at a blistering pace." The study also flagged concerns about local governments that interact with state systems, but lack comparable defenses.

The Subcommittee and Its Leadership

The hearing will be held at 2 p.m. at 310 Cannon House Office Building and will be convened by the House Subcommittee on Cybersecurity and Infrastructure Protection, which sits under the full Homeland Security Committee. Rep. Andy Ogles (R-TN) chairs the subcommittee, while Rep. Andrew Garbarino (R-NY) chairs the full Homeland Security Committee.

What Hangs in the Balance

The expiration of the State and Local Cybersecurity Grant Program at the end of fiscal year 2026 gives the hearing a clear focus. Whether Congress moves to reauthorize the program, and on what terms, will directly determine whether thousands of county and municipal governments can sustain the cybersecurity improvements the program funded. For communities that have already experienced attacks, as well as those that have not yet, the federal government's posture on local government cybersecurity will have tangible consequences for services that residents depend on every day.

Access the Legis1 platform for comprehensive political news, data, and insights.