US Cybersecurity Information Sharing Law Expires Amid Government Shutdown, Raising Industry Concerns

The Cybersecurity and Information Sharing Act (CISA) of 2015, which enabled private companies to share cybersecurity threat information with the federal government under legal protections, expired amid a government shutdown without congressional reauthorization. This expiration threatens to reduce voluntary information sharing, as companies lose liability and antitrust protections crucial for cooperation, potentially weakening national defenses against increasingly sophisticated cyberattacks. Senator Gary Peters and other bipartisan leaders have urged swift renewal, emphasizing the law's importance to protecting critical infrastructure and economic security, but efforts have stalled due to legislative disagreements. The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) lacks finalized plans to maintain its Automated Indicator Sharing program post-expiration, raising concerns about continuity in threat data exchange. Industry experts and legal analysts warn that without these protections, private sector participation will decline, posing significant risks to national cybersecurity. The ongoing impasse coincides with a broader government funding crisis, amplifying uncertainties around cyber threat coordination between private and public sectors.