119-HR-5078 Journalist Public Summary
119 · HR 5078 PILLAR Act
H.R. 5078 (the PILLAR Act) would renew and update federal cybersecurity grants that help states and local governments protect their networks—including operational technology and AI-enabled systems—while boosting support for small and rural communities and tightening purchasing rules to avoid risky vendors.
Headline Summary
The PILLAR Act keeps federal cybersecurity grants flowing to states and local governments through 2035, updates them for AI-era threats and critical infrastructure, and offers higher cost-sharing if communities adopt strong login protections like multi-factor authentication.
What It Does
In plain terms, this bill reauthorizes and modernizes the Department of Homeland Security’s CISA grant program that helps states, cities, counties, and tribes prevent and respond to hacks. It explicitly covers operational technology (like water plant controls) and systems that use artificial intelligence, encourages identity and access management (including multi-factor authentication), strengthens outreach to rural and small-population areas, allows direct funding to localities if states sit on the money too long, and restricts grant dollars from buying insecure or high‑risk tech (including products tied to certain foreign entities of concern or that don’t align with CISA’s “Secure by Design” guidance).
- Extends the program’s authorization and federal cost‑share through 2035.
- Adds AI-related definitions and makes AI-enabled and operational technology systems clearly eligible.
- Raises federal cost‑share to 65% (or 75% for multi‑entity groups) from FY2028–FY2035 if grantees implement multi‑factor authentication and related identity tools by October 1, 2027.
- Improves access for rural and small jurisdictions and requires targeted outreach by CISA.
- Lets local governments petition DHS for direct funds if a state hasn’t passed through required amounts within 60 days.
- Shifts references from a single sharing center to broader Information Sharing and Analysis Organizations (ISAOs).
- Calls for periodic GAO reviews, including how AI is being used across sampled grants.
Who’s For It
- Sponsors from both parties: Reps. Andrew Ogles (R‑TN), Andrew Garbarino (R‑NY), Eric Swalwell (D‑CA), and Gabe Evans (R‑CO). They frame the bill as keeping vital cyber funds going, modernizing for AI and industrial control systems, and prioritizing practical defenses like multi‑factor authentication.
- Bipartisan support in the House Homeland Security Committee, which voted 21–1 to advance the bill—an indicator that members in both parties view state and local cyber as a shared risk.
- Likely supportive stakeholders include many state, local, tribal, and territorial IT/security officials who rely on this grant stream for monitoring, patching, and incident response.
Who’s Against It
- Fiscal skeptics may object to extending federal cost-sharing through 2035 and to potential long‑term budget commitments by states and localities once grants are spent.
- Some state officials could view the direct‑to‑local funding backstop and alignment with federal guidance (like “Secure by Design”) as federal overreach into procurement and standards‑setting.
- Vendors tied to “foreign entities of concern,” or those whose products don’t align with CISA guidance, may oppose new purchasing limits that could raise costs or limit options for grantees.
- Privacy and civil-liberties advocates may scrutinize expanded monitoring and AI use, pressing for strong guardrails, transparency, and minimization—especially where tools touch citizen data or critical services.
What’s Next
As of November 12, 2025, the bill was reported by the House Homeland Security Committee and placed on the Union Calendar (No. 328). Next up is potential House floor debate and a vote. If it passes the House, it moves to the Senate; if both chambers pass it, it goes to the President.
Tone
Neutral, factual, and accessible—aimed at giving an ordinary voter a quick, clear picture without jargon.
Discussion