This bill reauthorizes the Rural and Municipal Utility Advanced Cybersecurity Grant and Technical Assistance Program, originally established under the Infrastructure Investment and Jobs Act, and expands its funding and scope. It defines terms related to cyber threats, eligible entities, and program mechanics, and lays out how the Secretary will provide technical assistance and funding to protect electric utilities from cybersecurity threats.
The act also emphasizes information sharing and places protections on information disclosures, with an authorized appropriations ceiling through 2030 to support these efforts.
At a Glance
What It Does
The bill amends Section 40124 of the Infrastructure Investment and Jobs Act to maintain and fund a grant and technical assistance program for rural and municipal electric utilities, enabling deployment of advanced cybersecurity technology and participation in threat information sharing.
Who It Affects
Eligible entities include rural electric cooperatives, municipally owned utilities, utilities owned by state or local authorities, not-for-profit entities in partnerships with multiple eligible entities, and certain small investor-owned utilities that sell under 4 million MWh/year.
Why It Matters
By concentrating resources on utilities that are critical to rural reliability and with limited cybersecurity resources, the bill aims to reduce outage risk, strengthen grid resilience, and improve visibility into cyber threats through information sharing.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The Rural and Municipal Utility Advanced Cybersecurity Grant and Technical Assistance Program is being reauthorized and financed through 2030. The bill updates definitions to cover what counts as advanced cybersecurity technology and who qualifies as an eligible entity.
Eligible entities are primarily electric utilities with some specific ownership structures, including rural electric cooperatives, municipally owned utilities, and certain small investor-owned utilities; not-for-profit entities can participate if they partner with six or more eligible entities. The program, administered by the Secretary, will provide technical assistance and funding—through grants, cooperative agreements, and prizes—to deploy cybersecurity capabilities and to support threat information sharing.
The Five Things You Need to Know
The bill authorizes $250,000,000 for fiscal years 2026 through 2030 to fund the Program.
Eligible entities include rural electric cooperatives, Municipally owned utilities, utilities owned by state or local authorities, partnerships of not-for-profits with six or more eligible entities, and small investor-owned utilities under 4,000,000 MWh/year.
The Secretary may award funding on a competitive or noncompetitive basis and may enter into agreements to advance program objectives.
Priority funding goes to entities with limited cybersecurity resources or assets critical to the bulk-power system, including defense critical electric infrastructure.
Information shared under the program is protected from disclosure under FOIA and similar laws.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Short Title
Section 1 designates the act as the Rural and Municipal Utility Cybersecurity Act. This establishes the formal name for the amended framework without altering substantive policy beyond the reauthorization.
Definitions and program scope
Section 2(a) defines key terms used throughout the amended section, including Advanced Cybersecurity Technology, Bulk-Power System, Cybersecurity Threat, and Defense Critical Electric Infrastructure. It also specifies the list of Eligible Entities and ties them to the newly defined Program, ensuring a clear boundary for eligibility and scope.
Establishment of the Program
Section 2(b) codifies the establishment of the Rural and Municipal Utility Advanced Cybersecurity Grant and Technical Assistance Program. The Secretary will administer a program to provide technical assistance and award funding (grants, cooperative agreements, and prizes) to eligible entities to protect electric utilities from cyber threats.
Program objectives
Section 2(c) sets two core objectives: deploying advanced cybersecurity technologies on electric utility systems and increasing participation in cybersecurity threat information sharing programs. The language ties technology deployment to resilience and situational awareness across the grid.
Awards and funding process
Section 2(d) outlines how the Secretary will provide technical assistance and funding, criteria for awards, and the ability to enter into agreements with eligible entities. It also requires a process to inform eligible entities about opportunities, with the option for competitive or noncompetitive funding pathways and flexible grant mechanisms.
Protection of information
Section 2(e) preserves confidentiality for information shared under the program by deeming it voluntarily shared and exempt from disclosure under FOIA and equivalent state laws. This protects sensitive cybersecurity data while enabling information exchange critical to resilience.
Appropriations
Section 2(f) authorizes $250,000,000 in appropriations for the period 2026–2030 to carry out the Program, signaling a multiyear commitment to rural and municipal utility cybersecurity improvements.
This bill is one of many.
Codify tracks hundreds of bills on Energy across all five countries.
Explore Energy in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Rural electric cooperatives gain access to grants and technical assistance to deploy cyber protections and modernize operations, improving reliability for rural customers.
- Municipally owned electric utilities receive funding and guidance to implement advanced cybersecurity technologies, strengthening local grid resilience.
- Small investor-owned utilities (those selling less than 4 million MWh/year) become eligible for federal support that can offset modernization costs.
- Not-for-profit entities in partnerships with multiple eligible utilities can leverage shared resources and expertise to execute large-scale cybersecurity projects.
- Ratepayers served by these utilities benefit from reduced outage risk and improved service continuity resulting from strengthened cyber defenses.
Who Bears the Cost
- Eligible entities that pursue program funding must finance the necessary cybersecurity upgrades and related operating costs, at least in part.
- Recipients may incur ongoing maintenance costs for new technologies and compliance activities associated with program requirements.
- Federal program administration cost is borne by the Government to run the grant and assistance program, including oversight and reporting.
- Some ratepayers could see incremental costs if increased rates are used to fund security investments, depending on utility rate design.
- Information-sharing obligations and security requirements may impose administrative and technical burdens on utilities when handling sensitive data.
Key Issues
The Core Tension
Balancing broad access to funding for diverse utilities with the need to concentrate scarce resources on entities with the greatest vulnerability and impact, while maintaining robust information-sharing protections without sacrificing accountability.
The bill advances a targeted, technology-forward approach to rural and municipal cyber resilience by reauthorizing funding and prescribing definitions that determine eligibility and program scope. However, the success of the program depends on appropriations consistency, appropriate targeting of funds to the utilities most in need, and effective risk-based prioritization.
The confidentiality provisions help incentivize information sharing but may raise questions about oversight and transparency, especially for donor agencies and the public utility commissions that oversee ratepayer funds. Additionally, the interaction between this program and broader federal electric infrastructure policy will shape deployment pace and the overall security posture of the bulk-power system.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.