Analyses / Overton Analysis / 119 · HR 5078 Overton Analysis

119-HR-5078 Policy-Beat Journalist Overton Analysis

119 · HR 5078 PILLAR Act

science Science, Technology, Communications
Protecting Information by Local Leaders for Agency Resilience Act or the PILLAR ActThis bill extends the State and Local Cybersecurity Grant Program through FY2035, expands the scope of the...

H.R. 5078 (PILLAR Act) sits in the mainstream-to-popular range: a bipartisan reauthorization of CISA’s State and Local Cybersecurity Grant Program, updated to reflect AI/OT risks and supply‑chain security, with committee action and broad stakeholder support; if enacted, it would modestly widen acceptance for prescriptive cybersecurity baselines at the state/local level while largely maintaining the existing federal‑grant model. [1]Congress.gov — Actions - H.R.5078 - 119th Congress (2025-2026): PILLAR Act[2]CISA — State and Local Cybersecurity Grant Program (SLCGP)[3]House Committee on Homeland Security — ICYMI: Committee Advances Legislation to…[4]National Association of Counties (NACo) — Support Reauthorization of the State…

Analyzed as
Policy-Beat Journalist
Published
14 Nov 2025
Updated
14 Nov 2025
Tags
Overton Window · Cybersecurity · CISA
Unvetted
01 · Section

Summary

Current placement: Mainstream. The bill reauthorizes an already‑established SLTT cyber grant program created in 2021 and widely used through FY2025, and it advanced from the House Homeland Security Committee with bipartisan backing (21–1) and was placed on the Union Calendar on November 12, 2025. [2]CISA — State and Local Cybersecurity Grant Program (SLCGP)[5]Recorded Future News (The Record) — With less than a month to go, House panel v…[1]Congress.gov — Actions - H.R.5078 - 119th Congress (2025-2026): PILLAR Act

Policy content fits prevailing practice. It extends program authority to 2035 and updates eligibility/uses to include operational technology and AI, aligns with Secure‑by‑Design guidance, and adds supply‑chain restrictions tied to “foreign entities of concern”—all of which track current federal cybersecurity norms. [6]Congress.gov — Text — H.R. 5078 (Reported in House), Union Calendar No. 328[7]CISA — Secure by Design[8]LII / Cornell Law School — 42 U.S.C. §19237 — Definitions (incl. “foreign entit…

Public and expert context favors acceptability: Americans consistently rate cyber threats to critical infrastructure as a top national‑security concern, and federal watchdogs have documented both the grant program’s utility and the cost‑share/sustainment challenges that reauthorization aims to stabilize. [9]Gallup — In U.S., Cyberdisruption Most Critical Threat[10]MITRE — MITRE–Harris Poll Finds U.S. Public Is Worried about the Security of Ou…[11]U.S. GAO — Cybersecurity: DHS Implemented a Grant Program to Enable SLTT Govern…

02 · Section

Forces shaping acceptability

Actors and narratives currently pushing or pulling the proposal within the Overton Window.

  • Congressional leadership (Homeland Security Committee). Chairman Garbarino (R) framed the package as preserving “essential tools” and highlighted SLTT needs; the committee advanced PILLAR on a near‑unanimous vote. This sets a bipartisan floor for acceptability. [3]House Committee on Homeland Security — ICYMI: Committee Advances Legislation to…[5]Recorded Future News (The Record) — With less than a month to go, House panel v…
  • Sponsors/cosponsors across parties. H.R. 5078 was introduced by Rep. Ogles (R) with Garbarino (R), Swalwell (D), and Evans (R‑CO); later actions include reporting and placement on the Union Calendar—signals of institutional support. [12]Web search · turn 5 #0[1]Congress.gov — Actions - H.R.5078 - 119th Congress (2025-2026): PILLAR Act
  • Executive branch/CISA/NIST. The program reups a CISA–FEMA grant that distributed the final tranche in FY2025; NIST’s 2024 CSF 2.0 underpins many eligible activities (governance, MFA, incident response), reinforcing technocratic consensus. [2]CISA — State and Local Cybersecurity Grant Program (SLCGP)[13]NIST — NIST Releases Version 2.0 of Landmark Cybersecurity Framework
  • State and local government coalitions (NASCIO, NCSL, NACo). Public letters and statements urge long‑term reauthorization with robust appropriations—broadening elite consensus beyond Washington and normalizing the program as routine intergovernmental finance. [4]National Association of Counties (NACo) — Support Reauthorization of the State…[14]National Conference of State Legislatures (NCSL) — Coalition Supports Reauthori…[15]NASCIO — NASCIO Supports Reauthorization of State and Local Cybersecurity Progr…
  • Industry/security community. Trade associations and firms (e.g., TechNet, ITI, Palo Alto Networks, Wiz) endorsed reauthorization; their support mainstreams provisions on OT/AI and Secure‑by‑Design expectations. [16]House Committee on Homeland Security — Committee Advances Chairman Garbarino, R…[17]Web search · turn 13 #5
  • Watchdogs and risk salience. GAO found the grant program met statutory review requirements but flagged sustainability and cost‑share burdens; federal alerts on water/OT threats keep demand for SLTT cyber capacity politically salient. [11]U.S. GAO — Cybersecurity: DHS Implemented a Grant Program to Enable SLTT Govern…[18]CISA — IRGC‑Affiliated Cyber Actors Exploit PLCs (Water/Wastewater alert)[19]U.S. EPA — EPA Enforcement Alert: Drinking Water Systems to Address Cybersecuri…
  • Civil‑liberties advocates (privacy/fusion centers). References in the bill to leveraging fusion centers may revive longstanding critiques about oversight and mission creep, a counter‑narrative that could limit appetite for more conditions on grants. [20]U.S. Senate PSI / HSGAC — Investigative Report Criticizes Counterterrorism Repo…[21]Web search · turn 12 #3
  • Administration context. While the administration has adjusted support to certain election‑related cybersecurity efforts, congressional coalition signals on SLTT cybersecurity remain broadly favorable—keeping this bill within mainstream bounds. [22]Associated Press — Trump administration halts funding for two cybersecurity eff…
03 · Section

Projection: potential Overton Window movement

  1. If the bill advances/passes:
  2. - Acceptability likely shifts modestly outward toward more prescriptive baselines for SLTT systems (e.g., MFA incentives, Secure‑by‑Design alignment, OT/AI inclusion). Expect adjacent ideas—state procurement restrictions on “foreign entities of concern,” identity/access standards, and continuous vulnerability management—to further normalize. [6]Congress.gov — Text — H.R. 5078 (Reported in House), Union Calendar No. 328[7]CISA — Secure by Design[8]LII / Cornell Law School — 42 U.S.C. §19237 — Definitions (incl. “foreign entit…
  3. - Stakeholder reinforcement. Continued endorsements from state CIOs, counties, and industry would entrench expectations that local utilities and agencies conform to NIST CSF 2.0 practices, widening policy space for targeted federal conditions on grants. [4]National Association of Counties (NACo) — Support Reauthorization of the State…[15]NASCIO — NASCIO Supports Reauthorization of State and Local Cybersecurity Progr…[13]NIST — NIST Releases Version 2.0 of Landmark Cybersecurity Framework
  4. - Agenda‑setting via risk signals. Ongoing federal alerts (water/OT, ransomware) sustain high salience and keep adjacent proposals—like direct technical assistance and incident‑reporting tie‑ins—within the “acceptable” zone. [23]Web search · turn 4 #2[24]Reuters — Complaints about ransomware attacks on US infrastructure rise 9%, FBI…
  5. If the bill stalls/fails:
  6. - Potential narrowing around federal role. A lapse would revive critiques about federal overreach or strings and could push the window inward toward state‑only solutions, even as SLTT exposure persists. GAO’s sustainment findings suggest some backsliding in local capacity without federal cost‑share. [11]U.S. GAO — Cybersecurity: DHS Implemented a Grant Program to Enable SLTT Govern…
  7. - Alternative pathways. Expect emphasis on CISA no‑cost services and ad hoc appropriations; however, without statutory reauthorization, multi‑year planning and rural pass‑through requirements (80%/25%) lose force, reducing uniformity across states. [2]CISA — State and Local Cybersecurity Grant Program (SLCGP)
04 · Section

Assessment

Net effect on the Overton Window: maintains the status quo with a slight outward nudge. Reauthorizing a familiar grant architecture keeps the concept in the mainstream, while explicit AI/OT coverage, Secure‑by‑Design alignment, and FEOC‑related restrictions marginally expand acceptance for prescriptive cybersecurity conditions on SLTT grants. [6]Congress.gov — Text — H.R. 5078 (Reported in House), Union Calendar No. 328[7]CISA — Secure by Design[8]LII / Cornell Law School — 42 U.S.C. §19237 — Definitions (incl. “foreign entit…

House Homeland Security Committee vote (markup)
21Yeas (1 Nay)
Placed on House Union Calendar
328Calendar No. (Nov. 12, 2025)
Original SLCGP appropriation
1000000000$ over FY2022–FY2025
Public: cyber disruption as a “critical threat”
79% of Americans
Public worried about CI security
81% of Americans
FBI: ransomware complaints vs. critical infrastructure (2024)
9% increase

Sources for metrics: committee/news and Congress.gov actions; CISA grant materials; Gallup/MITRE‑Harris polling; Reuters on FBI IC3 trends. [5]Recorded Future News (The Record) — With less than a month to go, House panel v…[1]Congress.gov — Actions - H.R.5078 - 119th Congress (2025-2026): PILLAR Act[2]CISA — State and Local Cybersecurity Grant Program (SLCGP)[9]Gallup — In U.S., Cyberdisruption Most Critical Threat[10]MITRE — MITRE–Harris Poll Finds U.S. Public Is Worried about the Security of Ou…[24]Reuters — Complaints about ransomware attacks on US infrastructure rise 9%, FBI…

05 · Section

Sourcing (selected)

Authoritative references used to ground the Overton assessment.

  • Bill text and status: Congress.gov (text as reported; actions/Union Calendar). [6]Congress.gov — Text — H.R. 5078 (Reported in House), Union Calendar No. 328[1]Congress.gov — Actions - H.R.5078 - 119th Congress (2025-2026): PILLAR Act
  • Program background: CISA SLCGP pages (funding timeline; pass‑through/rural requirements). [2]CISA — State and Local Cybersecurity Grant Program (SLCGP)
  • Standards/guidance: NIST CSF 2.0; CISA Secure‑by‑Design initiative. [13]NIST — NIST Releases Version 2.0 of Landmark Cybersecurity Framework[7]CISA — Secure by Design
  • Definitions: “foreign entity of concern” (42 U.S.C. 19237); AI definition (15 U.S.C. 9401(3)). [8]LII / Cornell Law School — 42 U.S.C. §19237 — Definitions (incl. “foreign entit…[25]LII / Cornell Law School — 15 U.S.C. §9401 — AI definition (National AI Initiat…
  • Political narrative: Committee statements/press on markup and stakeholder endorsements. [3]House Committee on Homeland Security — ICYMI: Committee Advances Legislation to…[16]House Committee on Homeland Security — Committee Advances Chairman Garbarino, R…
  • Stakeholder support: NASCIO, NACo, NCSL letters and pages. [15]NASCIO — NASCIO Supports Reauthorization of State and Local Cybersecurity Progr…[4]National Association of Counties (NACo) — Support Reauthorization of the State…[14]National Conference of State Legislatures (NCSL) — Coalition Supports Reauthori…
  • Risk salience: federal alerts on water/OT cyber threats; IC3 ransomware trends. [18]CISA — IRGC‑Affiliated Cyber Actors Exploit PLCs (Water/Wastewater alert)[19]U.S. EPA — EPA Enforcement Alert: Drinking Water Systems to Address Cybersecuri…[24]Reuters — Complaints about ransomware attacks on US infrastructure rise 9%, FBI…
  • Public opinion: Gallup and MITRE‑Harris polling on cyber and critical infrastructure. [9]Gallup — In U.S., Cyberdisruption Most Critical Threat[10]MITRE — MITRE–Harris Poll Finds U.S. Public Is Worried about the Security of Ou…
  • Counter‑narratives: Senate PSI/advocacy critiques of fusion centers. [20]U.S. Senate PSI / HSGAC — Investigative Report Criticizes Counterterrorism Repo…
Sources cited
  1. [1] Actions - H.R.5078 - 119th Congress (2025-2026): PILLAR Act Congress.gov
  2. [2] State and Local Cybersecurity Grant Program (SLCGP) CISA
  3. [3] ICYMI: Committee Advances Legislation to Bolster Cyber Resilience... House Committee on Homeland Security
  4. [4] Support Reauthorization of the State and Local Cybersecurity Grant Program National Association of Counties (NACo)
  5. [5] With less than a month to go, House panel votes to extend popular cyber programs Recorded Future News (The Record)
  6. [6] Text — H.R. 5078 (Reported in House), Union Calendar No. 328 Congress.gov
  7. [7] Secure by Design CISA
  8. [8] 42 U.S.C. §19237 — Definitions (incl. “foreign entity of concern”) LII / Cornell Law School
  9. [9] In U.S., Cyberdisruption Most Critical Threat Gallup
  10. [10] MITRE–Harris Poll Finds U.S. Public Is Worried about the Security of Our Critical Infrastructure MITRE
  11. [11] Cybersecurity: DHS Implemented a Grant Program to Enable SLTT Governments to Improve Security (GAO-25-107313) U.S. GAO
  12. [12] Web search · turn 5 #0
  13. [13] NIST Releases Version 2.0 of Landmark Cybersecurity Framework NIST
  14. [14] Coalition Supports Reauthorization of the State and Local Cybersecurity Grant Program National Conference of State Legislatures (NCSL)
  15. [15] NASCIO Supports Reauthorization of State and Local Cybersecurity Program NASCIO
  16. [16] Committee Advances Chairman Garbarino, Rep. Ogles Bills to Preserve Critical Cybersecurity Tools With Bipartisan Support House Committee on Homeland Security
  17. [17] Web search · turn 13 #5
  18. [18] IRGC‑Affiliated Cyber Actors Exploit PLCs (Water/Wastewater alert) CISA
  19. [19] EPA Enforcement Alert: Drinking Water Systems to Address Cybersecurity Vulnerabilities (May 2024) U.S. EPA
  20. [20] Investigative Report Criticizes Counterterrorism Reporting, Waste at State & Local Intelligence Fusion Centers U.S. Senate PSI / HSGAC
  21. [21] Web search · turn 12 #3
  22. [22] Trump administration halts funding for two cybersecurity efforts, including one for elections Associated Press
  23. [23] Web search · turn 4 #2
  24. [24] Complaints about ransomware attacks on US infrastructure rise 9%, FBI says Reuters
  25. [25] 15 U.S.C. §9401 — AI definition (National AI Initiative Act) LII / Cornell Law School

Discussion