DHS Secretary Urges Congress to Reauthorize CISA 2015

Federal leaders urged Congress to reauthorize the Cybersecurity and Information Sharing Act of 2015 (CISA 2015) — legislation developed to improve the nation’s cybersecurity posture by building trusted relationships between the public and private sectors — and extend the bill into 2035 before it’s set to expire in September to maintain a strong federal cyber posture amid growing cyber threats.

Bridget Bean, senior official performing the duties of CISA director, told GovCIO Media & Research in a statement that the information shared between public and private partners “empowers companies to defend their systems against cyber risks and supports a wide swath of CISA’s efforts in cybersecurity.”  

Progress with CISA 2015 Strengthens the Nation’s Cyber Posture 

CISA 2015 aimed to improve the nation’s cybersecurity posture by leveraging industry knowledge. The act encourages voluntary sharing of cyber threat information, like threat indicators and protective measures, across the public and private sectors. It also helps keep smaller bodies of government informed on how to protect their systems without increasing costs. 

Rep. Andrew Garbarino, subcommittee chairman, said during a House Cybersecurity and Infrastructure Protection Subcommittee hearing last week that without CISA 2015, the nation’s systems would be more vulnerable to cyber threats. He added that CISA, which the subcommittee oversees, has played a crucial role in creating the information-sharing partnerships.

“The liability and privacy protections provided by [CISA 2015] have facilitated better information sharing, helped secure networks and improved our overall cybersecurity posture,” said Garbarino in his opening statement. “There are valid concerns that without these protections, the private sector would be less willing to share cybersecurity information, either amongst themselves or with the federal government.”  

DHS Secretary Emphasizes Stronger Public-Private Partnerships 

Department of Homeland Security Secretary Kristi Noem also called on Congress to reauthorize the bill during her FY2026 budget hearing on Tuesday. Noem said public and private partnerships have grown because of the information-sharing guidelines established in CISA 2015. 

“We need [industry’s] expertise and knowledge … to make sure we’re prepared to secure our systems and our critical infrastructure,” said Noem during the hearing.   

She added that the federal government alone is not prepared to stop  large scale cyberattacks like Volt Typhoon or Salt Typhoon. With the help and knowledge of private partners, Noem said strong partnerships could help decrease costs and increase security measures.  

“We’re doubling down on the need to build private and partner with those individual industries that have the expertise and knowledge that we’ve lacked for so long, and they’re looking for some more abilities to do new things for this country,” said Noem.   

Noem urged Congress cleanly reauthorize the proposed 10-year extension to save time and prevent future cyber attacks. During the RSA 2025 Conference on April 29, Noem said she will call on industry to help streamline DHS’s approach to cybersecurity and threat information sharing.

“The Cybersecurity Information Sharing Act needs to be reauthorized. That was passed in 2015 and I’m going to ask for [industry’s] help immediately,” said Noem.