Congress Seeks 10-Year Renewal of Cyber Threat Sharing Law

Lawmakers are pushing for a 10-year extension of the Cybersecurity Information Sharing Act of 2015 (CISA 15) after the law expired alongside the government shutdown Oct. 1 and then was renewed temporarily with the continuing resolution until January.

“You can’t do a piecemeal movement. We saw some of the problems [of CISA 15 lapsing] during the shutdown,” Sen. Gary Peters told Aspen Cyber Summit audience members last week.

Peters noted that without the law’s full authorization, organizations’ cyber response times and incident reporting to the Cybersecurity and Infrastructure Security Agency (CISA) slowed dramatically from 30 minutes to 24 hours.

“Twenty-four hours is a lifetime when it comes to cyber, and that’s simply unacceptable because we know the law works,” Peters said.

Peters and Sen. Mike Rounds last month introduced the Protecting America Against Cyber Threats (PAACT) Act, a bipartisan bill to renew critical cybersecurity provisions in CISA 15. The senators said they hope to advance the bill within a broader legislative package. More than 80 industry stakeholders have already expressed support for long-term reauthorization.

Rubrik Public Sector CTO Travis Rosiek told GovCIO Media & Research that consistent, timely information-sharing remains one of the most important tools for defenders, but only if it’s treated as a strategic capability rather than a compliance exercise.

“The adversary has no constraints. We should be figuring out how our processes and our laws don’t impede our effectiveness,” he said.