Legislation to renew two federal cybersecurity laws has finally begun moving through Congress, but it’s unclear if lawmakers will be able to pass both bills before an end-of-the-month deadline.

The House Homeland Security Committee voted 25-0 to approve the Widespread Information Management for the Welfare of Infrastructure and Government Act — a 10-year extension of the 

the 2015 Cybersecurity Information Sharing Act, which provides incentives for private entities to voluntarily share digital threat intelligence with the federal government.

The panel also voted 21-1 to reauthorize the State and Local Cybersecurity Grant Program. The effort, included in the 2022 bipartisan infrastructure package, gave $1 billion to local governments to improve their posture against cyberthreats.

Both statutes are slated to expire on September 30 without congressional action.

The original intelligence sharing bill “changed the cybersecurity landscape forever and for the better,” newly installed House Homeland Chairman Andrew Garbarino (R-NY) said during Wednesday’s markup. 

Any lapse in the authorities “would significantly slow down, or even halt the information sharing of our cyber defenders that they depend on, and not let this happen,” he added.

The new bill would renew the law until 2035. It includes updated definitions for how it applies to artificial intelligence, critical infrastructure and sector risk management agencies. 

The measure also would require the Homeland Security secretary to create and “continuously implement an outreach plan, including targeted engagement, to ensure federal and non-federal entities, particularly small or rural owners or operators of critical infrastructure” within 90 days of passage, according to the bill.

Rep. Bennie Thompson of Mississippi, the committee’s top Democrat, supported the measure but not before he noted he had “made clear on multiple occasions that I believe a clean 10-year extension is the most expeditious path forward.”

In April, Senate Homeland Security Committee ranking member Gary Peters (D-MI) and Sen. Mike Rounds (R-SD) introduced a draft bill that would make no changes to the original legislation beyond extending it for another 10 years. 

The Senate panel has yet to take up the bipartisan measure, however it was added to the chamber’s version of the annual Intelligence Authorization Act, which is usually folded into the annual National Defense Authorization Act. The bipartisan duo also filed a stand-alone reauthorization amendment to the defense bill.

The House legislation doesn’t include language barring the Cybersecurity and Infrastructure Security Agency from combating disinformation online, which has become a pet issue for far-right lawmakers, including Senate Homeland Security Chairman Rand Paul (R-KY).

Garbarino said he “had a very good call” with Paul last night where they discussed separate legislation to specifically address the DHS cyber wing and its mission, adding he believed there would be more impetus for such a push once President Donald Trump’s nominee to helm the agency, Sean Plankey, is confirmed.

Grants program extension

The panel voted to renew the State and Local Cybersecurity Grant Program for another 10 years, though it would be renamed as the Protecting Information by Local Leaders for Agency Resilience Act, or PILLAR Act. 

“Our state and local governments not only need to guard against cybercriminals, but against nation-state actors who will target our critical networks, especially in small rural communities,” Rep. Andy Ogles (R-TN), who introduced the legislation, said before the vote.

The bill would only provide 60 percent of funds to eligible states, localities and tribal governments. Groups of eligible entities applying together would receive federal funds for 70 percent.

It would also cement CISA’s Secure by Design effort by prohibiting the use of funds to buy software or hardware that doesn’t follow the guidance.

The Senate Homeland Security Committee has yet to introduce a companion bill.