While Congress expects the partial government shutdown to be short, the disruption has already triggered a cybersecurity consequence: the lapse of two cornerstone federal authorities that support cyber threat information sharing and state and local cyber defense funding.
As appropriations for multiple agencies lapsed as of 12 a.m. Saturday, the authorities for the Cybersecurity Information Sharing Act of 2015 (CISA 2015) and the State and Local Cybersecurity Grant Program (SLCGP) also expired.
CISA 15 established a legal framework for government and the private sector to share cybersecurity threat data. The SLCGP disburses federal funds to state and local governments to bolster their cybersecurity defenses.
The lapse marks the second time in recent months that the programs have expired. Both authorities previously sunset at midnight on Sept. 30, 2025, but lawmakers temporarily extended them through Jan. 30 as part of the funding package that reopened the federal government.
Now, they have once again fallen victim to the appropriations stalemate, as both are tied to a Department of Homeland Security (DHS) funding bill that remains unresolved.
The Senate passed a funding package Friday that would fund non-DHS programs through Sept. 30 and extend DHS funding at current levels for two weeks, buying Congress additional time to negotiate.
President Donald Trump reached the agreement with Senate Democrats on Thursday following heightened political tensions after the deaths of two people protesting Immigration and Customs Enforcement activity in Minneapolis. Democrats have said they would not support a broader spending deal unless Congress considers reforms to immigration enforcement.
The House, however, must still vote on the funding package. Speaker Mike Johnson said he expects a floor vote early this week to end the partial shutdown.
Congress has already passed half this year’s funding bills, meaning that many federal agencies and programs continue to operate through September. But the repeated lapses of cyber-related authorities underscore how long-standing cybersecurity programs remain vulnerable to broader budget and political fights – even during what may be a short shutdown.