WASHINGTON, D.C. — Today, the House Committee on Homeland Security advanced, with bipartisan support, legislation introduced by Chairman Andrew R. Garbarino (R-NY) and Rep. Andy Ogles (R-TN) to reauthorize and update two vital cybersecurity tools utilized by the Department of Homeland Security (DHS) before they expire. These bills have received support from cybersecurity leaders across the private sector, non-profits, and state and local governments. Read statements of endorsement here.

Chairman Garbarino introduced H.R. 5079, the “Widespread Information Management for the Welfare of Infrastructure and Government Act,” or WIMWIG Act, which will enhance and extend the “Cybersecurity Information Sharing Act of 2015” for the next decade. The bill improves voluntary, real-time information sharing on cyber threats between federal and non-federal entities and preserves the original law’s privacy protections.

The WIMWIG Act is supported by USTelecom, Mantech, Forescout Technologies Inc., the Information Technology Industry Council, U.S. Chamber of Commerce, Independent Community Bankers of America, Bank Policy Institute, Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, Palo Alto Networks, American Fuel & Petrochemical Manufacturers Association, American Gas Association, American Petroleum Institute, American Public Gas Association, GPA Midstream Association, Interstate Natural Gas Association of America, Liquid Energy Pipeline Association, National Electrical Manufacturers Association, CHIME, OpenPolicy and Armis, the Operational Technology Cybersecurity Coalition (OTCC), Darktrace, CTIA, the Healthcare Information and Management Systems Society (HIMSS), SailPoint, 1Kosmos, the National Association of Water Companies (NAWC), and the Business Software Alliance (BSA).

On the “Widespread Information Management for the Welfare of Infrastructure and Government Act,” Chairman Garbarino said, “I am honored to begin my tenure as chairman with bipartisan and unanimous Committee support for the WIMWIG Act, legislation to extend and enhance an essential framework for voluntary cybersecurity information sharing between the public and private sectors. Stakeholders from across industry sectors have endorsed this legislation because it preserves the essential privacy and liability protections in the Cybersecurity Information Sharing Act of 2015, clarifies the law’s language to better address the evolving threat landscape, and ensures private-sector insight is properly captured. Failing to ensure the relevance and efficacy of one of the federal government’s most foundational cybersecurity tools for the next decade would threaten not only our networks but also the security of the homeland. Today’s swift advancement of the WIMWIG Act and Rep. Ogles’ PILLAR Act underscores the House Homeland Security Committee’s bipartisan commitment to enhancing our nation’s cybersecurity posture. Congress must get both bills to President Trump’s desk without delay.”

Rep. Ogles introduced H.R. 5078, the “Protecting Information by Local Leaders for Agency Resilience Act,” or PILLAR Act, to reauthorize DHS’s State and Local Cybersecurity Grant Program. The program provides grants to state, local, tribal, and territorial governments to address cybersecurity risks and threats to information systems and operational technology systems, including those using artificial intelligence.

The PILLAR Act is supported by the Alliance for Digital Innovation (ADI), Association of the United States Cyber Forces (AUSCF), Better Identity Coalition (BIC), CSC 2.0, Cybersecurity Coalition, Cyber Threat Alliance (CTA), Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies (FDD), Global Cyber Alliance (GCA), Information Technology Industry Council (ITI), McCrary Institute for Cyber and Critical Infrastructure Security, National Association of State Chief Information Officers (NASCIO), Operational Technology Cybersecurity Coalition (OTCC), Palo Alto Networks, Software & Information Industry Association (SIAA), Strategic Cybersecurity Coalition (SCC), TechNet, and Wiz.

On the “Protecting Information by Local Leaders for Agency Resilience Act,” Rep. Ogles said, “Cybersecurity is national security. The PILLAR Act puts America First by giving our states and communities the tools they need to defend against foreign cyber threats. With this legislation, there is no doubt that America will be ready for cyber warfare.” 

Background:

The WIMWIG Act:

• Reauthorizes the “Cybersecurity Information Sharing Act of 2015” and updates definitions in the law to include new tactics, techniques, and procedures and attack surfaces, such as artificial intelligence (AI), while ensuring procedures developed under the bill are updated to preserve vital protections for privacy and civil liberties.
• Ensures non-federal entities, especially small- to medium-sized entities, receive the information they need to address cybersecurity threats, including by granting one-time read-ins, as appropriate, to critical infrastructure owners and operators; directing federal entities to provide technical assistance to non-federal entities on a voluntary basis; and encouraging use of secure AI.
• Enhances congressional oversight and effectiveness of the Automated Indicator Sharing program—a real-time information sharing capability required by the law that was developed by DHS. 

The PILLAR Act:

• Reauthorizes the State and Local Cybersecurity Grant Program for ten years.
• Stabilizes the cost share at 60 percent for single entities or 70 percent for multi-entity groups—the current authorization level for Fiscal Year (FY) 2025.
• Incentivizes implementation of multi-factor authentication (MFA) across critical infrastructure by increasing the federal cost share by five percent if entities or multi-entity groups implement MFA by FY28. 
• Adds language to capture operational technology and encourages adoption of artificial intelligence when applicable.
• Encourages direct outreach to small communities, regardless of their rurality.
• Places more accountability on entities and multi-entities to assume the long-term cost of cybersecurity investments in state budget planning processes.

###