MEDIA ADVISORY: Subcommittee Chairman Ogles Announces Hearing on State and Local Cybersecurity Amid Evolving Threat Landscape

WASHINGTON, D.C. -- Today, Subcommittee on Cybersecurity and Infrastructure Protection Chairman Andy Ogles (R-TN) announced a hearing for Thursday, May 21, to examine the escalating cyber threats facing state and local governments and assess the federal government's role in supporting non-federal partners, including through the Cybersecurity and Infrastructure Security Agency (CISA) and the State and Local Cybersecurity Grant Program (SLCGP). The hearing will also examine efforts by state and local governments to secure their critical infrastructure and protect their communities in the face of these threats.

As cyber criminals and nation-state actors increasingly target public sector networks, local governments are being forced to defend systems that support schools, hospitals, emergency response, water utilities, transportation, and other essential services. The hearing will also assess how the threat landscape is changing as artificial intelligence reduces the time, cost, and technical expertise required to conduct cyber operations. These developments place additional pressure on state and local entities, many of which already operate with limited cybersecurity staff, aging technology, and constrained budgets, while facing threats from ransomware gangs, criminal extortion groups, hacktivists, and state-sponsored actors tied to adversarial nations.

"America's state and local government networks are under attack from cyber criminals and malicious nation-state actors like never before, and we cannot afford to leave them defenseless. My PILLAR Act passed the House with strong support last year because cybersecurity at the local level is a foundational part of our national security," Subcommittee Chairman Ogles said. "President Trump's National Cyber Strategy has called for bolstering the cyber defenses of our communities to protect critical infrastructure and to put the safety and security of Americans first. Next week, state officials will provide critical insight into this mission and the support they need to accomplish it as we work together to combat the cyber threats of tomorrow."

DETAILS:

What: A House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection hearing entitled, "State and Local Cybersecurity: Escalating Threats, Federal Partnership, and the Resilience of America's Communities."

When: Thursday, May 21, at 2:00 p.m. ET

Where: 310 Cannon House Office Building

WITNESSES:

Kristin Darby
Chief Information Officer, the State of Tennessee

Colin Ahern
Director of Security and Intelligence, the State of New York

Warren Sponholtz
Chief Information Officer, the State of Florida

Samir Jain
Vice President of Policy, Center for Democracy & Technology

Witness testimony will be added here. The hearing will be livestreamed on YouTube and will be open to the public and press. Press must be congressionally credentialed and should RSVP in advance.

BACKGROUND:

In 2025, more than 44 U.S. states reported cyber incidents affecting state and local government systems, with communities from St. Paul, Minnesota, to Mission, Texas, declaring states of emergency following major intrusions. In all of 2024, 70 percent of cyberattacks involved critical infrastructure. For example, China-backed cyber actors maintained access for months within the networks of a public power utility in Littleton, Massachusetts. In just the second half of 2024, 82 percent of K-12 schools reported experiencing a cyber threat.

To combat these threats, the SLCGP provides grants to state, local, tribal, and territorial governments to address cybersecurity risks and threats to information systems. The Department of Homeland Security's (DHS) authority to administer these grants was extended through September 30, 2026, as part of a funding package signed into law in February. In November 2025, the House of Representatives passed Subcommittee Chairman Ogles' legislation, the "Protecting Information by Local Leaders for Agency Resilience Act" (PILLAR Act), to reauthorize and enhance the grant program for seven years. Committee Chairman Andrew R. Garbarino (R-NY) is an original cosponsor of the PILLAR Act.

The PILLAR Act:

• Reauthorizes the State and Local Cybersecurity Grant Program for seven years.
• Stabilizes the cost share at 60 percent for single entities or 70 percent for multi-entity groups-the current authorization level for Fiscal Year (FY) 2025.
• Incentivizes implementation of multi-factor authentication (MFA) across critical infrastructure by increasing the federal cost share by five percent if entities or multi-entity groups implement MFA by FY28.
• Adds language to capture operational technology and encourages adoption of artificial intelligence when applicable.
• Encourages direct outreach to small communities, regardless of their rurality.
• Places more accountability on entities and multi-entities to assume the long-term cost of cybersecurity investments in state budget planning processes.

In April, the Subcommittee held a hearing to examine whether the Department of Homeland Security (DHS) has the authorities, resources, and sector risk management structure necessary to defend the interconnected communications and information technology (IT) systems, assets, and underlying infrastructure that support American economic and national security. The Subcommittee also held a joint hearing with the Subcommittee on Border Security and Enforcement to examine how transnational criminal organizations are weaponizing emerging technologies to target Americans, businesses, and our critical infrastructure.

That month, Chairman Garbarino joined Rep. Vince Fong (R-CA) in California for a roundtable with officials from CISA and representatives from the Central Valley's military installations, local and state government, and critical infrastructure sectors, to ensure federal efforts are aligned with challenges facing the communities responsible for securing essential systems.

In January, the Subcommittee held a hearing to discuss how the federal government and private sector can more effectively collaborate to build up a forward-leaning cyber posture.

###

Homeland Security Committee Republicans