Congress Extends Expired Cyber Laws in New Government Spending Deal

Two cybersecurity programs that previously expired are set to continue through September 30, 2026 under a new $1.2 trillion government funding bill.

The legislation includes temporary extensions of the 2015 Cybersecurity and Information Sharing Act and the State and Local Cybersecurity Grant Program, both of which received short-term reprieves last year.

Congressional interest in making these laws permanent remains active, but no agreement has been reached. Bills to reauthorize them with updates have moved through committees but have not been brought to a vote in either chamber.

The funding package buys time but does not resolve the underlying legislative delays.

Why It Matters: Programs that support threat data sharing and cybersecurity resources for local governments depend on legal certainty and consistent funding. Temporary fixes add pressure to agencies and companies operating in a space where clarity matters for compliance, risk management, and planning.

• Cyber Laws Temporarily Renewed After Lapsing: The bill extends the Cybersecurity and Information Sharing Act of 2015 and the State and Local Cybersecurity Grant Program through the end of the fiscal year. Both had expired but were previously included in a stopgap resolution in November. Their continued operation now depends on this funding measure passing Congress in the coming days.

• Disagreements Stall Long-Term Reauthorization: Lawmakers have introduced multiple proposals to extend the 2015 law. One House bill would renew it for ten years with limited changes. A Senate version offers similar terms but includes retroactive legal protections for companies that continued to share threat data after the law expired. In contrast, a separate draft from Sen. Rand Paul would eliminate those legal protections entirely.

• CISA Budget Set at $2.6 Billion with Staffing Requirements: The Department of Homeland Security budget allocates $2.6 billion to the Cybersecurity and Infrastructure Security Agency. While lower than past levels, it includes a directive requiring the agency to retain enough employees to meet its existing responsibilities. This follows staffing cuts that raised concerns about CISA’s ability to carry out its duties.

• Election Security Support Reinstated: The bill restores $39.6 million for election-related cybersecurity efforts. This includes support for regional advisers and for the Elections Infrastructure Information Sharing and Analysis Center, following the loss of federal backing under the Trump administration. The funding is intended to rebuild capacity for monitoring and protecting election systems ahead of upcoming voting cycles.

• Tech Modernization Fund Extension Faces Uncertain Passage: The package includes continued support for the Technology Modernization Fund, which helps agencies replace outdated systems. Despite movement in the House, the Senate remains on recess, leaving a narrow timeline for passage. Disputes over other parts of the bill could delay or block final approval.

Go Deeper -> Lawmakers move to extend two cyber programs (again) in funding proposal – The Record

Congressional appropriators move to extend information-sharing law, fund CISA – CyberScoop