Thursday, March 3, 2022

Review - HR 6825 Introduced – Nonprofit Grant Program

Last month, Rep Thompson (D,MS) introduced HR 6825, the Nonprofit Security Grant Program Improvement Act of 2022. The bill would amend 6 USC 609a, the Nonprofit Security Grant Program. The amendments add new allowed uses of the funds and require FEMA to establish a program office to administer the grant program. The bill would increase the funding for the program and extend that funding through 2028.

The bill was approved yesterday by a voice vote in the House Homeland Security Committee after substitute language was approved. Among the changes made by the substitute is a provision that specifically includes the risk of “extremist attacks other than terrorist attacks and threats” in the coverage of the grant program.

Moving Forward

Passage by voice vote in Committee indicates that there is at least some measure of bipartisan support for this bill. There was an attempt by Rep Higgins (R,LA) to express some concerns with this bill, but there was no follow-up at the end of the hearing. I suspect that the legislation will be considered in the Full House under the suspension of the rules process. It will probably pass with bipartisan support.


While §609a does currently allow for the use of grant funds for cybersecurity training {§609a(c)(2)} and ‘cybersecurity resilience activities’ {§609a(c)(2)}, that funding only extends to protection against terrorist attacks or threats of such attacks. The substitute language’s addition of ‘extremist attacks’ allows DHS to include threats from domestic groups without the political baggage of trying to identify domestic terrorist groups. This is almost certainly why there is no definition of the term ‘extremist attacks’.

Still, this does not address the expanding need for protection against non-terrorist (or even extremist) cyberattacks like ransomware attacks. This bill would have been an ideal place to include protection against ransomware attacks as an allowed use of grant funds. With this bill probably going to the Full House under the suspension of the rules process, the chances for amending the bill have essentially passed.

Perhaps it is time to change the definition of ‘terrorism’ to specifically include ransomware attacks.


For more details about the provisions of the bill and the substitute language, see my article at CFSN Detailed Analysis (subscription required).
