To reauthorize the Cybersecurity Act of 2015, and for other purposes.
Analysis under review: This bill has generated analysis that may be too generic or incomplete. Clause-level evidence remains available below.
Summary
The Widespread Information Management for the Welfare of Infrastructure and Government Act (WIM-WIG Act) reauthorizes the Cybersecurity Act of 2015 for another ten years (through 2035). It updates the law to address modern threats including ransomware and network prepositioning attacks, and explicitly allows the use of AI tools developed for cybersecurity purposes. The bill requires DHS to conduct outreach to help small and rural critical infrastructure operators understand how to share cyber threat information, and mandates biennial Congressional threat reports. It expands the types of technologies covered (including edge devices and IoT) and strengthens information-sharing protections between the government and private sector.
Evidence Chain:
This summary is generated from the full bill text using AI analysis. Expand "Detailed Analysis" below for identified beneficiaries/burden bearers.
At a Glance
What This Bill Does
Reauthorizes the Cybersecurity Act of 2015 through 2035, updates cybersecurity information-sharing frameworks between government and private sector, adds AI-related definitions and provisions, expands critical infrastructure protections including ransomware and prepositioning threats, and strengthens outreach to small and rural infrastructure operators.
Key Policy Areas
Technology, Defense, Government Operations
Primary Purpose
Reauthorizes the Cybersecurity Act of 2015 through 2035, updates cybersecurity information-sharing frameworks between government and private sector, adds AI-related definitions and provisions, expands critical infrastructure protections including ransomware and prepositioning threats, and strengthens outreach to small and rural infrastructure operators.
Policy Domains
Whole Bill - Cybersecurity Act Reauthorization and Modernization
Identified Gains
Contextual inference, no direct clause citation- Critical infrastructure operators (especially small and rural)
- Cybersecurity industry and AI-for-cybersecurity companies
- Sector Risk Management Agencies
- Federal government cybersecurity posture
Contextual inference, no direct clause citation
Identified Costs
Contextual inference, no direct clause citation- DHS (expanded outreach and reporting mandates)
- Federal entities sharing cyber threat indicators (updated compliance procedures)
- Entities handling personal information in shared threat indicators
Contextual inference, no direct clause citation
Sponsors
Legislative Progress
IntroducedMr. Garbarino (for himself and Mr. McCaul) introduced the following …
Impact analysis is available but no clear stakeholder effects identified. View clause-level analysis →
Bill Structure & Actor Mappings
Who is "The Secretary" in each section?
- "the_secretary"
- → Secretary of Homeland Security
- "the_attorney_general"
- → Attorney General
Key Definitions
Terms defined in this bill
Has the meaning given in section 5002 of the National Artificial Intelligence Initiative Act of 2020 (15 U.S.C. 9401).
Has the meaning given in section 1016(e) of Public Law 107-56 (42 U.S.C. 5195c(e)).
Has the meaning given in section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650).
We use a combination of our own taxonomy and classification in addition to large language models to assess meaning and potential beneficiaries. High confidence means strong textual evidence. Always verify with the original bill text.
Learn more about our methodology