Plain Language Summary
# PILLAR Act Summary **What It Does:** The PILLAR Act extends and expands a federal grant program that helps states, local governments, and Native American tribes protect their computer systems from cyberattacks. Currently set to expire, the bill would keep the program running through 2035. It broadens what the grants can cover—adding protection for operational technology systems (like those controlling power grids or water systems) and artificial intelligence systems.
The bill also requires that any software or equipment purchased with these grants meets security standards set by the federal Cybersecurity and Infrastructure Security Agency (CISA). **Who It Affects:** State and local governments, tribal nations, and their residents would benefit from improved cybersecurity protections. Federal taxpayers fund the program, and cybersecurity vendors could be affected by the requirement to meet CISA standards to sell to grant recipients. **Current Status:** The bill has passed the House of Representatives and is awaiting action in the Senate. It was sponsored by Representative Andrew Ogles (R-Tennessee).
CRS Official Summary
Protecting Information by Local Leaders for Agency Resilience Act or the PILLAR ActThis bill extends the State and Local Cybersecurity Grant Program through FY2035, expands the scope of the program, and imposes certain limits on the use of grant funds. (The program provides grants to states and Indian tribes to address cybersecurity risks to government information systems.)The bill expands the scope of systems that may be secured using grant funds to include operational technology systems and specifies that systems using artificial intelligence are included. Such systems must be maintained, owned, or operated by or on behalf of state, local, or tribal governments.The bill also specifies that grant funds may not be used to purchase software, hardware, or related products or services that do not align with relevant guidance provided by the Cybersecurity and Infrastructure Security Agency (CISA).Further, the bill increases the federal share of costs available to entities that implement or enable multifactor authentication and identity and access management tools for critical infrastructure by a specified date.The bill requires annual reports by grant recipients to include a description of recipients’ progress in assuming the cost of continuing cybersecurity programs after grant funds are fully expended. The Government Accountability Office must periodically review the program. This effort must include a review of artificial intelligence adoption across a sample of grants.Finally, CISA must implement an outreach plan to inform local governments, including governments in rural areas or areas with small populations, about CISA’s no-cost cybersecurity offerings.
Latest Action
Received in the Senate and Read twice and referred to the Committee on Homeland Security and Governmental Affairs.