American Rescue Plan rule tweak allows more cybersecurity spending

An exterior view of the building of US Department of the Treasury is seen on March 27, 2020 in Washington. (Olivier Douliery / AFP / Getty Images)


Written by

A rule change announced last week by the U.S. Treasury Department allows state and local governments that received funds under last year’s American Rescue Plan to more easily spend that money on cybersecurity upgrades and broadband construction, bringing relief to officials who said the original law was too restrictive.

The final rule on the American Rescue Plan’s state and local relief fund, published Thursday, loosens the restrictions on the $350 billion that states and localities are set to receive under the act, which President Joe Biden signed last March as the signature element of his pandemic response agenda.

While state and local officials were successful in lobbying the federal government to make the Rescue Plan’s funds more flexible than those in the 2020 CARES Act — which limited relief money to programs that directly addressed COVID-19 — recipients still needed to show how they would use their awards to replace tax revenue lost during the worst of the pandemic. The final rule gives governments receiving relief funds the option of claiming a standardized revenue-loss allowance of up to $10 million — which the Treasury Department says meets most recipients’ total awards — rather than calculating exact revenue losses using a complex formula.

The National Association of Counties, which pushed for the rule tweaks, applauded the Treasury’s decision. “We commend the administration for embracing the bipartisan concept of flexibility in allowing counties to use up to $10 million in Recovery Funds for important general public services,” the organization’s executive director, Matthew Chase, said in a press release.

The final rule, which is set to take effect April 1, also broadens what the Treasury considers “government services” that relief funds can fund. While state and local governments could already use their awards on IT upgrades, the new rule specifically names cybersecurity modernization and broadband infrastructure constructions as acceptable uses of relief funds, including hardware and software expenditures.

Eryn Hurley, NACo’s deputy director of government affairs, told StateScoop that before the rule change, relief funds could only be used to offset lost revenues. But with many counties, like states, reporting better-than-expected tax revenues last year, the final rule means they will be able to undertake much-needed cybersecurity upgrades.

“Recipients may provide necessary investments in cybersecurity, including modernization of hardware and software, for existing and new broadband infrastructure regardless of their speed delivery standards,” the rule reads.

So far, $245 billion of the $350 billion in state and local relief funds has been awarded, the Treasury Department said.

-In this Story-

American Rescue Plan, National Association of Counties (NACo), Treasury Department