A coalition that includes the American Public Power Association is urging Congress to reauthorize the Cybersecurity Information Sharing Act of 2015 before it expires on September 30, 2025.
Reauthorizing CISA 2015 is a top policy priority for the Protecting America’s Cyber Networks Coalition, the May 13 letter said.
“If CISA 2015 lapses, the U.S. will encounter a more complex and dangerous security environment,” the coalition said. “A variety of foreign cybercriminals are targeting our advanced commercial capabilities, critical infrastructure, and economic well-being through various tactics, such as phishing and ransomware.”
“Malicious hackers target both large national corporations and local branches, offices, and warehouses. Their attacks impact individual businesses, people, and their surrounding communities,” the letter said.
Sharing information about cyber threats and incidents “complicates attackers’ operations because defenders learn what to monitor and prioritize. Consequently, attackers are forced to invest more in new tools or target different victims.”
CISA 2015 helps defenders improve their security measures while raising costs for attackers, the coalition said.
Congress passed CISA 2015 with bipartisan support from both parties and the administration, the letter noted.
“This important cybersecurity law enables private entities to increase their protection of data, devices, and computer systems while promoting the sharing of cyber threat information with industry and government partners within a secure policy and legal framework. CISA 2015 also provides protections for businesses related to public disclosure, regulatory issues, and antitrust matters to promote the timely exchange of information between public and private entities. Industry and government have a strong record of safeguarding privacy and civil liberties under this legislation.”
CISA 2015 “is a cornerstone of American cybersecurity. It enhances businesses’ ability to respond swiftly to today’s cyber threats, including tackling cybersecurity issues and addressing them at scale. Lawmakers must send the CISA 2015 reauthorization legislation to the president to continue ensuring that businesses have legal certainty and protection against frivolous lawsuits when voluntarily sharing and receiving threat indicators and taking steps to mitigate cyberattacks,” the letter said.
The coalition noted that since the implementation of CISA 2015, collaboration in cybersecurity has improved significantly in several ways, including encouraging the development and/or the expansion of information sharing and analysis centers, or ISACs, across multiple sectors.
“These centers serve as hubs for sharing cybersecurity information within specific industries, thereby boosting sector-specific threat detection and response capabilities.”
Cyber incidents “underscore the need for legislation that helps businesses augment their understanding of cybersecurity threats and strengthen their protection and response capabilities in collaboration with government entities,” APPA and the other groups went on to say.
“It is encouraging that leading members of the House and Senate Homeland Security and Intelligence committees advocated for the renewal of CISA 2015. The Coalition is dedicated to collaborating with the Trump administration and lawmakers to swiftly reauthorize CISA, thus enhancing national security and bolstering the resilience and protection of the U.S. business community. Congressional action is urgently needed,” the letter said.
House Subcommittee Holds Hearing on Reauthorizing CISA 2015
The House Homeland Security Committee’s Subcommittee on Cybersecurity and Infrastructure Protection recently held a hearing entitled, “In Defense of Defensive Measures: Reauthorizing Cybersecurity Information Sharing Activities that Underpin U.S. National Cyber Defense.”
At the hearing, there was unanimous support among both members of the committee and witnesses for reauthorizing CISA 2015.
Subcommittee Chairman Andrew Garbarino (R-NY) said that the “liability and privacy protections provided by the law have facilitated better information sharing” and “help[ed] secure networks and improve[d] our overall cybersecurity posture.” Subcommittee
Ranking Member Eric Swalwell (D-CA) said it was “rare” to see such a “wide consensus on any topic, but on the issue of reauthorizing CISA 2015, [he’s] received a very clear message from everyone [he has] talked to: Do. Not. Let. It. Lapse.”
Similarly, when asked what would happen if the law were allowed to lapse, witnesses said that the willingness of entities to share cyber threat information would be drastically reduced and that it would happen more slowly. “That hesitation would be a gift to our adversaries,” said Karl Schimmeck, Executive Vice President, Northern Trust.
