This bill renews and updates the 2015 federal cybersecurity law. It pushes the government to share cyber threat information faster and more clearly with states, tribes, territories, and the private companies that run critical services like utilities and transportation. It also tells federal officials to keep their guidance up to date and to make it public, so people know how to act on new threats quickly . The bill lets federal experts offer technical help to non‑federal groups and, when needed, give one‑time classified briefings to select staff at critical infrastructure companies to better protect their systems. It broadens what’s covered to include industrial control systems, edge devices, and internet‑connected devices, including those hit by ransomware, and it makes clear that using artificial intelligence for cybersecurity purposes is allowed under the law.

The Department of Homeland Security must set up an outreach plan within 90 days to help especially small or rural critical infrastructure operators understand how to share threat information safely, remove personal data, and know the protections they have. The plan must also gather feedback to fix confusing rules. The bill also aims to speed up alerts across federal agencies when a major cyber threat is found .

Key points

• Who is affected: State, local, Tribal, and territorial governments; owners and operators of critical infrastructure; federal cybersecurity agencies.
• What changes: Faster, public updates to guidance; more real‑time threat sharing; technical assistance and limited classified briefings; clearer permission to use AI for cybersecurity; expanded coverage of devices and systems, including industrial and IoT equipment .
• When: DHS must launch the outreach plan within 90 days of the bill becoming law; policy and guidance updates are ongoing as needed .