Lawmakers urged to extend Cybersecurity Information Sharing Act (CISA) legislation
With the expiration of the Cybersecurity Information Sharing Act (CISA) looming on September 30, 2025, there is a growing bipartisan push for its reauthorization. The Act, enacted in 2015, has proven instrumental in bolstering the nation's cybersecurity defences by facilitating the sharing of threat information among private and public sectors.
**The Importance of CISA Reauthorization**
The impending expiration of CISA has sparked concerns among advocacy groups, such as the Hacking Policy Council and the National Association of Manufacturers (NAM), who are urging Congress to reauthorize the law. They emphasize the vital role CISA plays in enhancing the cybersecurity posture by enabling the rapid dissemination of actionable threat intelligence, fostering trust among cybersecurity personnel, and offering liability protections for sensitive information sharing.
**The Benefits of CISA**
CISA's provisions have proven beneficial in various ways. It enables the swift exchange of threat intelligence, allowing for more coordinated responses to cyber incidents and improved situational awareness across sectors. The law also offers legal protections that encourage companies to share sensitive information without fear of legal repercussions, and includes privacy safeguards to ensure that shared information is handled responsibly.
**The Consequences of Non-Reauthorization**
The potential lapse of CISA could disrupt trusted information-sharing partnerships, leaving private and government networks more vulnerable to cyber threats. The expiration could also send a negative signal to adversaries that the U.S. is retreating from coordinated cyber defence, potentially increasing the risk of successful attacks. Without CISA's protections, companies might hesitate to report vulnerabilities, which could lead to a decrease in the effectiveness of cybersecurity measures across the U.S.
**The Broad Support for CISA Reauthorization**
The broad list of signatories pressuring Congress to reauthorize CISA includes trade associations representing nearly every critical infrastructure sector. The U.S. Chamber of Commerce, for instance, has organized the effort, highlighting the widespread support for the law's continuation.
The House Homeland Security Committee's cyber subcommittee will hold a hearing on the law on Thursday, providing an opportunity for lawmakers to scrutinize CISA and consider its reauthorization. The Cyber Threat Alliance, an information-sharing platform, also benefits from CISA's protections, and financial services and retail-hospitality ISACs use CISA protections to exchange threat indicators.
In conclusion, the reauthorization of CISA is crucial for maintaining and enhancing the U.S. cybersecurity posture, particularly in facilitating private-to-private and public-private cooperation in information sharing. If CISA expires, the U.S. may encounter a more complex and dangerous security environment.
- The reauthorization of the Cybersecurity Information Sharing Act (CISA) is essential for ensuring the rapid dissemination of actionable threat intelligence and fostering trust among cybersecurity personnel, as advocated by groups like the Hacking Policy Council and the National Association of Manufacturers (NAM).
- technology plays a significant role in the benefits of CISA, as it enables the swift exchange of threat information, offers legal protections for sensitive information sharing, and includes privacy safeguards to ensure that shared information is handled responsibly, thereby improving cybersecurity across sectors.
%20legislation){kind=link}