
Congressional panel throws cyber threat intel-sharing, funding a lifeline

US security leaders have urged lawmakers to reauthorize two key pieces of cyber legislation, including one that facilitates threat-intel sharing between the private sector and federal government, before they expire at the end of the month.

The House Homeland Security Committee advanced both bills during a markup session on Wednesday, but little time remains to have them signed into law despite infosec luminaries deeming them critical components of US national security.

“The federal government needs to be able to collaborate closely and efficiently with the private sector to secure critical infrastructure against cyber actors attempting to preposition destructive capabilities in our systems,” said retired US Navy Rear Admiral Mark Montgomery, who also serves as senior director of the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation.

“Core to collaboration is the ability to share information,” he added.

Montgomery’s statement endorsed the Widespread Information Management for the Welfare of Infrastructure and Government (WIMWIG) Act, and he was among nearly 20 senior cybersecurity figures to endorse this proposal.

WIMWIG would extend for 10 years the Cybersecurity Information Sharing Act of 2015. This law, known as the “other CISA,” is a voluntary, cyber-threat sharing program between the private sector and the federal government. It provides legal protections to private security firms to encourage researchers to share threat indicators they see with the feds.

In addition to extending CISA until 2035, the new bill references AI – which wasn’t a top concern 10 years ago – and updates statutory cross-references for terms like “critical infrastructure” and “Sector Risk Management Agency,” without changing the established list of 16 sectors.

House Committee on Homeland Security Chairman Andrew Garbarino (R-NY) introduced the legislation, and during a Wednesday markup session, said it “reauthorizes a vital tool for our nation’s collective cyberdefense.”

“Reauthorizing this law … before it expires is essential for maintaining our cyber resilience,” Garbarino told his fellow lawmakers.

The second piece of legislation, introduced by Representative Andy Ogles (R-TN), is called the Protecting Information by Local Leaders for Agency Resilience Act (PILLAR). It reauthorizes the State and Local Cybersecurity Grant Program – a funding effort that began in 2022 and earmarked $1 billion to state and local governments over the next four years to help mitigate cyber risks.

Like WIMWIG, the PILLAR Act also added an AI provision. It prioritizes security best practices as well, including multi-factor authentication and secure-by-design software development principles.

“The PILLAR Act will help build efficiencies through shared services, ensure rural and underserved local governments are able to defend critical systems, replace outdated cybersecurity tools, and ensure more localities are well positioned to securely integrate emerging technologies,” said Mitch Herckis, global head of government affairs at Google-owned cloud security firm Wiz, in a statement endorsing the bill.
