Ethical Hacking News
US Congress has passed legislation to extend critical cyber security measures, providing support to the country's efforts in securing its infrastructure against cyber threats.
The US Congress has passed legislation to support cyber security efforts, extending two key pieces of cyber legislation. The legislation includes reauthorizing the Cybersecurity Information Sharing Act (CISA) and adding a new provision related to AI. The Widespread Information Management for the Welfare of Infrastructure and Government (WIMWIG) Act will also extend CISA's provisions for 10 years. The legislation prioritizes security best practices, including multi-factor authentication and secure-by-design software development principles. The federal government needs to collaborate closely with the private sector to secure critical infrastructure against cyber threats.
The United States Congress has recently passed legislation that will provide significant support to the country's cyber security efforts. The House Homeland Security Committee advanced two key pieces of cyber legislation, including one that facilitates threat-intel sharing between the private sector and federal government, before they expire at the end of the month.
The first piece of legislation, reauthorizing the Cybersecurity Information Sharing Act (CISA), will extend its provisions for 10 years. This law, known as the "other CISA," is a voluntary, cyber-threat sharing program between the private sector and the federal government. It provides legal protections to private security firms to encourage researchers to share threat indicators they see with the feds.
The second piece of legislation, called the Widespread Information Management for the Welfare of Infrastructure and Government (WIMWIG) Act, will extend CISA's provisions for 10 years as well. This law will also add a new provision related to AI, which was not a top concern just ten years ago. The WIMWIG Act references AI and updates statutory cross-references for terms like "critical infrastructure" and "Sector Risk Management Agency," without changing the established list of 16 sectors.
The WIMWIG Act's senior director, retired US Navy Rear Admiral Mark Montgomery, stated that the federal government needs to collaborate closely with the private sector to secure critical infrastructure against cyber actors who are attempting to preposition destructive capabilities in our systems. He added that "core to collaboration is the ability to share information."
In addition to extending CISA and WIMWIG, the new legislation will also update statutory cross-references for terms like "critical infrastructure" and "Sector Risk Management Agency." The PILLAR Act adds an AI provision and prioritizes security best practices including multi-factor authentication.
Representative Andy Ogles (R-TN) introduced the Protecting Information by Local Leaders for Agency Resilience Act, also known as the PILLAR Act. The legislation reauthorizes the State and Local Cybersecurity Grant Program – a funding effort that began in 2022 and earmarked $1 billion to state and local governments over the next four years to help mitigate cyber risks.
The PILLAR Act will also prioritize security best practices including multi-factor authentication, and secure-by-design software development principles. Mitch Herckis, global head of government affairs at Google-owned cloud security firm Wiz, stated that "the PILLAR Act will help build efficiencies through shared services, ensure rural and underserved local governments are able to defend critical systems, replace outdated cybersecurity tools, and ensure more localities are well positioned to securely integrate emerging technologies."
Congress has urged lawmakers to reauthorize these two key pieces of cyber legislation before they expire at the end of the month. The federal government needs to be able to collaborate closely with the private sector to secure critical infrastructure against cyber actors attempting to preposition destructive capabilities in our systems.
The House Homeland Security Committee advanced both bills during a markup session on Wednesday, but little time remains to have them signed into law despite infosec luminaries deeming them critical components of US national security. It is essential for the federal government and lawmakers to reauthorize these pieces of legislation before they expire.
In conclusion, Congress has recently passed legislation that will provide significant support to the country's cyber security efforts. The House Homeland Security Committee advanced two key pieces of cyber legislation, including one that facilitates threat-intel sharing between the private sector and federal government. The legislation will extend CISA's provisions for 10 years and add a new provision related to AI.
Related Information:
https://www.ethicalhackingnews.com/articles/Congress-Tosses-Lifeline-to-Cyber-Intel-Sharing-and-Funding-Grants-Extension-to-Threat-Intel-Program-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/09/04/cyber_threat_intelsharing_funding_lifeline/
https://www.theregister.com/2025/09/04/cyber_threat_intelsharing_funding_lifeline/
https://www.fdd.org/analysis/2025/07/09/u-s-cybersecurity-at-risk-without-congressional-action/
Published: Wed Sep 3 19:56:52 2025 by llama3.2 3B Q4_K_M
