Senators Urge Cyber-Threat Sharing Law Extension Before Deadline
A push to extend a key cybersecurity law that enables information sharing between the private sector and government has gained bipartisan momentum in Congress.
A new bill introduced on Wednesday seeks to reauthorize the Cybersecurity Information Sharing Act (CISA) for another 10 years, before it expires in September.
The legislation, co-sponsored by Senator Gary Peters (D-Mich) and Senator Mike Rounds (R-SD), aims to preserve a legal framework that has helped businesses and federal agencies share threat intelligence without legal risk.
The original law, passed in 2015, has been central to several major cybersecurity coordination programs, including the Joint Cyber Defense Collaborative (JCDC).
What’s at Stake
The expiration of CISA would disrupt a system that many cybersecurity professionals consider foundational to US digital defense.
Without it, companies may be hesitant to report or share details about emerging threats, fearing legal liability or regulatory complications.
“CISA has been instrumental in streamlining information flows that strengthen national cybersecurity defenses,” said April Lenhard, principal product manager at Qualys.
“Renewing CISA for another decade will preserve the continuity of critical threat intelligence exchanges.”
Under the current framework, companies are encouraged (but not required) to share cybersecurity threat indicators with the federal government and each other.
The law also shields them from certain liabilities when doing so in good faith. Advocates say this balance of voluntary cooperation and legal protection has made CISA a practical tool amid an ever-growing number of cyber-attacks.
A Shifting Landscape
Although CISA has proven effective, experts stress that reauthorization should come with thoughtful updates.
Over the past decade, cyber-threats have become more sophisticated, and the risks tied to data handling and supply chain vulnerabilities have intensified.
“From a defender’s standpoint, the Cybersecurity Information Sharing Act has been one of the few legislative tools that truly moved the needle,” said Chad Cragle, CISO at Deepwatch.
He emphasized that letting the law lapse would “reintroduce hesitation at the wrong time.”
Some believe that the reauthorization process offers a chance to refine the law. Issues like privacy, international cooperation and the growing complexity of third-party vendors are all on the table for potential improvements.
Broad Industry Support
The bill enjoys wide support across the cybersecurity community.
Some of the reasons for this include:
- Clarifying legal reporting for private companies
- Enabling faster coordination via JCDC
- Strengthening trust between government and tech firms
- Promoting cross-industry collaboration through Information Sharing and Analysis Centers (ISACs)
“Cybersecurity is a team sport,” said Casey Ellis, founder of Bugcrowd.
“The Cybersecurity Information Sharing Act provides a safe framework for information sharing and underpins both public/private partnership sharing and the ‘in community’ sharing that powers US-based ISACs.”
With the clock ticking toward the law’s sunset in September, lawmakers and industry experts alike are calling for swift passage.
Whether the reauthorization will include updates to reflect current cybersecurity realities remains to be seen. But most agree on one thing: the cost of inaction could be high.