HR-7266-119
Placed on the Union Calendar, Calendar No. 545.
Sponsored by Mariannette Miller-Meeks (R-IA)
What it does
This bill would establish a federal program to help rural and municipal utilities — such as electric cooperatives, small water systems, and public power districts — strengthen their cybersecurity defenses. It would likely provide technical assistance, funding, or grants to help these smaller utilities identify vulnerabilities and implement protective measures against cyberattacks on critical infrastructure.
Who benefits
Rural and small-town residents who depend on utilities served by cooperatives or municipal systems. Small and mid-sized electric cooperatives, municipal water authorities, and public power districts that lack the resources of large investor-owned utilities. Federal cybersecurity agencies (such as CISA) that would gain a formal role in assisting these entities. Cybersecurity contractors and vendors who would provide services to newly funded utilities. Communities in underserved or remote areas that are often more vulnerable to infrastructure disruptions.
Who is hurt
Taxpayers who would bear the cost of any new federal spending or grant programs. Large investor-owned utilities that already fund their own cybersecurity programs and may face competitive disadvantage if smaller rivals receive subsidized assistance. Federal agencies tasked with implementation, which would absorb new administrative responsibilities. Potentially, state utility regulators whose oversight role could be reduced if federal standards preempt state requirements.
Supporters argue
Supporters argue that rural and municipal utilities operate critical infrastructure — including electricity and water systems — that serves tens of millions of Americans, yet these entities often lack the IT staff and budgets to defend against sophisticated cyberattacks. They contend that high-profile attacks like the 2021 Oldsmar, Florida water treatment facility breach demonstrate that small utilities are actively targeted and that a federal assistance program would close a dangerous security gap that market forces alone have not addressed.
Opponents argue
Opponents argue that cybersecurity is primarily a responsibility of the utilities themselves and their existing regulators, and that a new federal program risks duplicating efforts already underway through CISA, the Department of Energy, and the EPA. They contend that federal grant programs can create dependency, may not be efficiently targeted to the highest-risk systems, and that the bill's full text — and therefore its precise cost and scope — has not been made publicly available for adequate scrutiny.