Cyber Leaders Across Sectors Endorse Homeland Republicans’ Legislation to Extend, Reform Critical Tools Before They Expire

WASHINGTON, D.C. - This week, cybersecurity leaders across the private sector, non-profits, and state and local governments endorsed two pieces of legislation critical for our nation's cybersecurity posture that are slated for markup by the House Committee on Homeland Security this morning, both of which include authorities that will expire at the end of this month if not reauthorized by Congress. Chairman Andrew R. Garbarino's (R-NY) legislation, the "Widespread Information Management for the Welfare of Infrastructure and Government Act" (WIMWIG Act), reauthorizes and reforms a crucial framework for voluntary information sharing between the public and private sectors on cyber threats, which was first codified in the "Cybersecurity Information Sharing Act of 2015." Rep. Andy Ogles' (R-TN) legislation, the "Protecting Information by Local Leaders for Agency Resilience Act" (PILLAR Act), reauthorizes and reforms the State and Local Cybersecurity Grant Program to help state, local, tribal, and territorial governments prepare for and defend against cyber threats.

Below are statements in support of the "Widespread Information Management for the Welfare of Infrastructure and Government Act" (WIMWIG Act).

Jonathan Spalter, President and Chief Executive Officer, USTelecom: "The reauthorization of CISA 2015 preserves and strengthens a proven legal framework that enables trusted, timely, and effective cyber threat information sharing between the public and private sectors. This framework is critical for telecommunications providers, who often serve as the first line of defense against malicious cyber activity. With strong legal protections in place, companies are empowered to share threat indicators without hesitation, allowing faster detection of attacks and better protection of the networks Americans depend upon."

Robert Mayer, Senior Vice President of Cybersecurity & Innovation, USTelecom: "The introduction of the Widespread Information Management for the Welfare of Infrastructure and Government (WIMWIG) Act is a significant step toward strengthening America's cybersecurity. By reauthorizing the Cybersecurity Act of 2015, this bill preserves the trusted framework that enables industry and government to share critical threat information quickly and securely. For the telecommunications sector, where our networks are on the front lines of cyber defense, this legislation is essential to protecting the infrastructure Americans depend on every day. USTelecom applauds Chairman Garbarino and his colleagues for their leadership in bringing forward this vital measure."

Brian McHugh, Senior Vice President for External Affairs and Chief of Staff to the President and CEO, MANTECH: "As a critical component of the Defense Industrial Base MANTECH has seen firsthand the great benefit provided by the timely sharing of cyber threat indicators. We support the efforts to provide a reauthorization of the critical framework for enabling this sharing through the 'Widespread Information Management for the Welfare of Infrastructure and Government Act' or 'WIMWIG Act.'"

Barry Mainz, Chief Executive Officer, Forescout Technologies Inc: "The Cybersecurity Information Sharing Act of 2015 is a cornerstone of our collective defense. Advanced persistent threat actors (APTs) are ruthlessly targeting U.S. critical infrastructure which includes hospitals, energy grids, water systems, schools, and financial institutions through vulnerable IoT and OT devices. At Forescout, we know no single entity can secure our nation's infrastructure alone. Public-private partnerships that drive real action are essential to protecting Americans and strengthening our collective resilience across our most critical systems. I strongly support the reauthorization of CISA 2015 and urge Congress to act without delay."

John Miller, Senior Vice President of Policy and General Counsel, Information Technology Industry Council: "The extension of information sharing authorities and legal protections is the highest cybersecurity priority for Congress. Congressman Garbarino's inclusion of legislation to extend CISA15 in his first markup as the new Chairman of the House Homeland Security Committee is a great sign that the Committee will continue to prioritize cyber issues. We appreciate the Committee's partnership on extending this critical and successful cybersecurity law and look forward to continuing to work with the Trump Administration and Senate to ensure CISA15 is reauthorized before its September 30 expiration."

Matthew J. Eggers, Vice President for Cybersecurity Policy in the Cyber, Space, and National Security Policy Division, U.S. Chamber of Commerce: "The U.S. Chamber of Commerce commends House Homeland Security Committee Chairman Andrew Garbarino for his leadership on cybersecurity issues. The Cybersecurity Information Sharing Act of 2015 is a cornerstone of U.S. cybersecurity and must not be allowed to expire. Chairman Garbarino's Widespread Information Management for the Welfare of Infrastructure and Government Act takes key steps to help businesses respond quickly to today's cyber threats, including reauthorizing CISA 2015 until 2035. Lawmakers need to send CISA 2015 reauthorization legislation to the president to ensure that businesses have legal certainty and protection against frivolous lawsuits when voluntarily sharing and receiving threat data and taking actions to reduce cyberattacks."

Rebeca Romero Rainey, President and CEO, Independent Community Bankers of America: "The Independent Community Bankers of America (ICBA) thanks Chairman Garbarino and the House Homeland Security Committee for its work on the Widespread Information Management for the Welfare of Infrastructure and Government (WIMWIG) Act. ICBA strongly supports the reauthorization of CISA 2015, which provides a legal framework and mechanisms that allow community banks to be more informed, better defended, and more resilient against the ever-evolving landscape of cyber threats."

Heather Hogsett, Executive Vice President and Head of BITS, Bank Policy Institute: "We're grateful to Chairman Garbarino for his work to renew the Cybersecurity Information Sharing Act. This law has helped protect the American financial system for over a decade by enabling banks to confidentially share threat information with industry and government partners. Reauthorizing the statute before it expires protects the U.S. financial system at a time of heightened global conflict and reaffirms bipartisan commitment to safeguarding our national security."

Mark Montgomery, Executive Director, CSC 2.0, Senior Director, Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies: "The federal government needs to be able to collaborate closely and efficiently with the private sector to secure critical infrastructure against cyber actors attempting to preposition destructive capabilities in our systems. Core to collaboration is the ability to share information. The Widespread Information Management for the Welfare of Infrastructure and Government Act not only extends the current mechanism and liability protections that are central to the ability of the private sector to share information with the government, but it also holds federal agencies accountable for providing timely and updated information back to the private sector."

Daniel Kroese, Vice President, Public Policy and Government Affairs, Palo Alto Networks: "Palo Alto Networks applauds Chairman Garbarino's leadership on legislation to reauthorize and improve the Cybersecurity Information Sharing Act of 2015 (CISA 2015) and the State and Local Cybersecurity Grant Program (SLCGP)…The successful reauthorization of CISA 2015, with updates that take new and emerging technology like AI into account, will enhance our nation's collective defense by protecting the free exchange of cyber threat information between network defenders."

American Fuel & Petrochemical Manufacturers Association, American Gas Association, American Petroleum Institute, American Public Gas Association, GPA Midstream Association, Interstate Natural Gas Association of America, Liquid Energy Pipeline Association: "The undersigned trade associations (collectively, 'the associations') urge Congress to pass the Widespread Information Management for the Welfare of Infrastructure and Government Act ('WIMWIG') before September 30, 2025… Originally enacted in 2015 with broad bipartisan support, CISA 2015 established the voluntary information network to enable 'public and private sector entities to share cyber threat information, removing legal barriers and the threat of unnecessary litigation.' Of paramount importance, the law's antitrust exemption and liability protections enables private sector sharing of sensitive cyber information. These authorities are foundational to strengthening our collective defense against cybersecurity threats, facilitating trust in the public-private partnership, and serving as the backbone of essential programs across the federal government - programs that have measurably improved the security posture of critical infrastructure in the United States and strengthened the federal governments' security awareness. WIMWIG ensures these fundamental principles are maintained, while including key updates that capture the evolution of the cybersecurity ecosystem over the last ten years."

Peter Ferrell, Senior Director of Government Relations, National Electrical Manufacturers Association : "America's electrical manufacturers, whose products enable critical sectors of the economy including energy, transportation, healthcare, and defense, applaud the efforts of House Homeland Security Committee Chairman Garbarino (R-NY) and his colleagues to reauthorize the Cybersecurity Information Sharing Act of 2015 before existing authorization
expires on September 30, 2025. Reauthorizing CISA 2015 will ensure that industry - including electrical manufacturers--and the public sector maintain their ability to freely share cyber threat information, a key driver of secure and resilient supply chains for critical infrastructure. This bill moves us in the right direction."

Russell P. Branzell, President and CEO, CHIME: "We are deeply appreciative of [Chairman Garbarino's] commitment to improving our nation's cybersecurity posture and working to help strengthen protections for critical infrastructure. To that end, we support the reauthorization of the Cybersecurity Information Sharing Act of 2015 under your leadership with the Widespread Information Management for the Welfare of Infrastructure and Government Act. The Cybersecurity Information Sharing Act of 2015 has been vital for healthcare providers by enabling trusted, sharing of cyber threat intelligence, helping hospitals and other healthcare providers detect and respond to attacks more effectively; reauthorization is thus essential to preserve and expand these protections as threats grow more sophisticated and frequent. Your bill's efforts to improve outreach to the private sector are especially welcomed."

OpenPolicy and Armis: "OpenPolicy and Armis support the proposed Widespread Information Management for the Welfare of Infrastructure and Government (WIMWIG) Act. By reauthorizing and modernizing the Cybersecurity Information Sharing Act of 2015, this Act strengthens public-private collaboration and our collective resilience. We appreciate the Act's acknowledgement of the evolving threat landscape and need to promote the use of innovative technologies to enhance cybersecurity--the Act provides the long-term certainty needed for sustained investment in public-private collaboration essential for cyber resilience."

Below are statements in support of the "Protecting Information by Local Leaders for Agency Resilience Act" (PILLAR Act).

Mark Montgomery, Executive Director, CSC 2.0, Senior Director, Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies: " State and local governments are under attack from nation-state hackers and criminal cyber gangs. The Protecting Information by Local Leaders for Agency Resilience Act extends a critical grant program that provides funds to these governments, municipally owned utilities, and other under-resourced entities to make needed cybersecurity investments. Chairman Garbarino is making a wise update to the state and local grant program by ensuring that recipients can use the funds not only to protect their information systems but also the essential processes that Americans rely on every day when they turn on the faucet or flip a light switch."

Alliance for Digital Innovation (ADI), Better Identity Coalition (BIC), Cybersecurity Coalition, Information Technology Industry Council (ITI), TechNet: " We, the undersigned associations, are writing to strongly support the continued funding of the State and Local Cybersecurity Grant Program (SLCGP) (the Grant Program).Cybersecurity threats are an escalating risk that demands immediate and sustained action to prevent serious harm to American communities. Nation-state actors are persistently targeting U.S. critical infrastructure and systems at the state, local, tribal, and territorial (SLTT) government levels, seeking to conduct espionage, disrupt essential services, and erode public trust. Recent trends highlight the severity of this threat. According to CrowdStrike's 2025 Global Threat Report, malicious cyber activity linked to the People's Republic of China surged by 150 percent overall in 2024, with some targeted industries suffering 200 percent to 300 percent more attacks than the previous year. The Federal Bureau of Investigation (FBI), in its Internet Crime Report 2024, highlighted $16.6 billion in losses reported to the Internet Crime Complaint Center (IC3) over the past year. Actors affiliated with Russia, North Korea, and Iran remain persistent, sophisticated, and motivated."

National Association of State Chief Information Officers: "NASCIO applauds the House Homeland Security Committee for taking action to reauthorize the State and Local Cybersecurity Grant Program. This program has been instrumental in providing state and local governments with the resources they need to improve their cyber defenses and address critical threats. We encourage swift passage in both the House and Senate, accompanied by a robust appropriation to ensure that the progress that has been made through this program can continue."

Daniel Kroese, Vice President, Public Policy and Government Affairs, Palo Alto Networks:
"The SLCGP has been instrumental in helping state and local governments define cybersecurity requirements and enhance their cybersecurity posture. This bill would reauthorize this critical program and ensure operational technology and AI systems are explicitly covered within the scope. Facing threats from sophisticated nation states and criminal actors, we must ensure our state and local partners are resourced to deploy the latest and best cybersecurity tools to protect our nation's critical infrastructure and information networks."

Mitch Herckis, Global Head of Government Affairs, Wiz:

"We commend the Committee for its bipartisan effort to reauthorize and strengthen this critical program. We are particularly encouraged by the bill's recognition that AI is already embedded in many state and local information and operational technology systems. Implementing solutions that support the resiliency of AI-enabled systems is critical to reducing future risk and safeguarding public trust. We also appreciate the prioritization of secure by design principles within the bill, as well as the broader effort to ensure state and local governments acquire resilient security solutions. The PILLAR Act will help build efficiencies through shared services, ensure rural and underserved local governments are able to defend critical systems, replace outdated cybersecurity tools, and ensure more localities are well positioned to securely integrate emerging technologies."

###