Beyond the Shutdown: Navigating the Next Chapter for Government Cybersecurity, Information Sharing, and Opportunities for State and Local Governments (U.S.)

By Spencer Reeves · December 8, 2025

The backdrop

On November 12, the Senate voted on a House of Representatives bill to reopen the government after a more than 40-day shutdown. The shutdown occurred at a crucial time for cybersecurity, as key information-sharing mechanisms and funding pathways were set to expire on September 30.

The Cybersecurity and Infrastructure Security Act of 2015 (also known as CISA 2015—not to be confused with CISA the agency) and the State and Local Cybersecurity Grant Program (SLCGP) were among the provisions that expired but have since been renewed.

The stakes

CISA 2015, in short, provided legal pathways for voluntary information sharing between private industry and the government. It included a number of protections that made the private sector feel safe in sharing information. These protections included exemption from disclosure under FOIA, exemption from antitrust laws for sharing cyber threat indicators among businesses, and liability protections for private entities, among others.

While a lapse in these provisions did not exclusively mean that information sharing would end, it could have subjected it to additional risks—recreating the environment for information sharing that existed prior to the passage of CISA 2015. At the moment, CISA 2015 is extended through the end of January 2026, with hopes for further extension.

The State and Local Cybersecurity Grant Program (SLCGP) is another crucial program that lapsed during the shutdown and is currently renewed through the end of January. Administered at the federal level by FEMA and the Cybersecurity and Infrastructure Security Agency, this program provides funding to state and local governments to address gaps in cybersecurity preparedness in the face of increasing threats from criminal and nation-state actors. States apply for the money and match funds to increase its impact.

To further bolster the importance of the SLCGP, the House of Representatives passed the Protecting Information by Local Leaders for Agency Resilience Act, also known as the PILLAR Act. The PILLAR Act extends the program through fiscal year 2035, and expands the scope to include operational technology systems while simultaneously encouraging the adoption of artificial intelligence. The measure has been sent on to the Senate which has put forth its own bipartisan bill to reauthorize this program. Trellix will continue to monitor developments on this program’s reauthorization.

Things to watch

Although the reauthorization of both of these items is overall good news for the cybersecurity community, there is still work to be done.

First and foremost, the Cybersecurity Information Sharing Act is still set to expire at the end of January. Further delay in finding a long-term solution to its crucial provisions could lead to another lapse, which could be detrimental. A number of options are on the table, with numerous groups (and the White House) pushing for a clean 10-year reauthorization. Another option on the table is the Widespread Information Management for the Welfare of Infrastructure and Government Act or WIMWIG Act, brought forth by Congressman Andrew Garbarino of New York. The WIMWIG Act builds upon CISA 2015 by reauthorizing many of its key elements, while also incorporating artificial intelligence integration, introducing enhanced accountability for federal agencies, focusing more on critical infrastructure protection, and modernizing definitions to cover threats like ransomware and prepositioning activities.

The SLCGP, on the other hand, is more promising in its rebirth as the PILLAR Act. However, the current reauthorization lacks associated funding. Numerous industry associations, including the Alliance for Digital Innovation (ADI), Better Identity Coalition (BIC), Cybersecurity Coalition, Information Technology Industry Council (ITI), and TechNet (Three of which Trellix is a member), recommended to the government to fund the program with $4.5 billion over two years—a small figure in comparison to defense spending. A Senate passed reauthorization is crucial to the continued operation of this program, something we are watching closely.

Trellix will continue to advocate with industry partners for viable, sensible, and long-term solutions on both of these issues. To learn more about how Trellix empowers federal agencies to secure more, spend less, and move faster visit: https://www.trellix.com/solutions/public-sector/.