Widespread Information Management for the Welfare of Infrastructure and Government Act
- Bill Number
- H.R. 5079
- Origin Chamber
- House
- Congress
- 119th Congress, Session 1
- Policy Area
- Science, Technology, Communications
- Status
- Introduced
- Latest Action
- 2025-09-03: Ordered to be Reported (Amended) by the Yeas and Nays: 25 - 0.
- Last Updated
- 2025-09-25T20:35:20Z
AI-Generated Summary
Purpose This legislation reauthorizes the Cybersecurity Act of 2015 (enacted as division N of Public Law 114-113) through 2035 and updates related provisions to strengthen federal and non-federal cybersecurity information sharing, incorporate artificial intelligence tools, and address evolving threats to critical infrastructure.
Key Provisions
- Definitions: Adds terms for artificial intelligence, critical infrastructure, and Sector Risk Management Agency; expands existing definitions of cyber threat indicators and defensive measures to cover operational technology, edge devices, Internet of Things devices, and supply chain vulnerabilities.
- Information Sharing Procedures: Requires federal agencies to develop, issue, and periodically update guidelines for sharing cyber threat indicators; adds authority for one-time read-ins to select individuals at critical infrastructure entities and prioritizes rapid dissemination to state, local, tribal, and territorial governments.
- Authorization for Cybersecurity Activities: Permits the use of artificial intelligence developed or deployed strictly for cybersecurity purposes in threat prevention, detection, analysis, and mitigation; clarifies that such use does not violate certain restrictions.
- Outreach and Guidance: Mandates the Department of Homeland Security to create and implement an outreach plan targeting small or rural critical infrastructure owners and operators; requires annual briefings to congressional committees on outreach efforts.
- Reporting Requirements: Updates biennial reports on cybersecurity threats to include prepositioning activities and ransomware; expands reporting to additional congressional committees.
- Conforming Amendments: Modifies definitions in the Homeland Security Act of 2002 to align with the expanded scope of cyber threats and defensive measures.
Significant Changes to Existing Law
- Extends the Cybersecurity Act of 2015’s authorization from 2025 to 2035.
- Integrates artificial intelligence explicitly into authorized cybersecurity activities and removes certain barriers to its use.
- Introduces new requirements for updating sharing procedures and policies on an ongoing basis rather than only at initial issuance.
- Adds specific outreach obligations and protections for copyright alongside trade secret information.
- Broadens the scope of reportable threats and the entities eligible to receive shared indicators.
Potential Impacts
- Government Agencies: Enhances coordination among federal entities, Sector Risk Management Agencies, and the Department of Homeland Security by improving real-time information sharing and technical assistance capabilities.
- Citizens and Infrastructure Operators: Supports better protection of critical infrastructure through expanded voluntary sharing and targeted outreach to smaller or rural entities that may lack dedicated cybersecurity resources.
- International Relations: No direct provisions address international aspects; impacts would be indirect through strengthened domestic cybersecurity posture.
Main Stakeholders Affected
- Federal agencies, including the Department of Homeland Security, Department of Justice, and Sector Risk Management Agencies.
- Non-federal owners and operators of critical infrastructure, particularly small or rural entities.
- State, local, tribal, and territorial governments.
- Congressional committees on homeland security and intelligence.
Notable Legal, Constitutional, or Political Implications
- Updates legal protections for shared information to explicitly include copyright alongside existing trade secret safeguards.
- Clarifies that authorized activities do not preempt or limit certain existing authorities related to Sector Risk Management Agencies.
- Maintains the voluntary nature of information sharing while adding safeguards against misuse of personal information.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Rep. Garbarino, Andrew R. [R-NY-2]
Cosponsors (1)
Rep. McCaul, Michael T. [R-TX-10]
Recent Actions
- 2025-09-03: Ordered to be Reported (Amended) by the Yeas and Nays: 25 - 0.
- 2025-09-03: Committee Consideration and Mark-up Session Held
- 2025-09-03: Subcommittee on Cybersecurity and Infrastructure Protection Discharged
- 2025-09-02: Referred to the Subcommittee on Cybersecurity and Infrastructure Protection.
- 2025-09-02: Referred to the Committee on Homeland Security, and in addition to the Committees on Oversight and Government Reform, Intelligence (Permanent Select), Energy and Commerce, Armed Services, and the Judiciary, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
- 2025-09-02: Referred to the Committee on Homeland Security, and in addition to the Committees on Oversight and Government Reform, Intelligence (Permanent Select), Energy and Commerce, Armed Services, and the Judiciary, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
- 2025-09-02: Referred to the Committee on Homeland Security, and in addition to the Committees on Oversight and Government Reform, Intelligence (Permanent Select), Energy and Commerce, Armed Services, and the Judiciary, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
- 2025-09-02: Referred to the Committee on Homeland Security, and in addition to the Committees on Oversight and Government Reform, Intelligence (Permanent Select), Energy and Commerce, Armed Services, and the Judiciary, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
- 2025-09-02: Referred to the Committee on Homeland Security, and in addition to the Committees on Oversight and Government Reform, Intelligence (Permanent Select), Energy and Commerce, Armed Services, and the Judiciary, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
- 2025-09-02: Referred to the Committee on Homeland Security, and in addition to the Committees on Oversight and Government Reform, Intelligence (Permanent Select), Energy and Commerce, Armed Services, and the Judiciary, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
- 2025-09-02: Introduced in House
- 2025-09-02: Introduced in House
Bill Versions
- Widespread Information Management for the Welfare of Infrastructure and Government Act — issued 2025-09-02 — PDF (15 pages)