The Cybersecurity Information Sharing Extension Act, introduced by U.S. senators Gary Peters and Mike Rounds, seeks to prolong the provisions of the Cybersecurity Information Sharing Act of 2015 for an additional ten years. This legislation encourages businesses to share critical cybersecurity threat data with the federal government in order to bolster national security efforts and combat the increasing sophistication of cyber threats.
The original 2015 law, which is scheduled to expire in September, played a crucial role in enhancing national cybersecurity initiatives by providing legal protections for companies that shared threat information. This allowed federal agencies like the Cybersecurity and Infrastructure Security Agency (CISA) to effectively respond to cyberattacks and assist victims, including prominent incidents such as the SolarWinds attack and Chinese cyber campaigns. With the introduction of this new bill, the senators aim to ensure the continuation of these protections and prevent any legal risks for businesses engaged in cybersecurity data sharing.
Senator Peters emphasized the importance of renewing the law for the sake of national security, highlighting the collaborative efforts between government agencies and businesses in preventing data breaches and thwarting cybercriminal activities. Senator Rounds, who leads the Armed Services Subcommittee on Cybersecurity, echoed these sentiments, warning that the expiration of the law would weaken the cybersecurity landscape and compromise defense measures across critical sectors.
The potential passage of this bill would not only safeguard information sharing practices but also address privacy concerns by prohibiting the inclusion of personally identifiable information in threat reports. Additionally, the legislation ensures that threat data is shared with relevant entities like the Joint Cyber Defense Collaborative (JCDC) and industry-specific Information Sharing and Analysis Centers (ISACs). While cybersecurity experts like Deepwatch CISO Chad Cragle support the bill’s renewal, they suggest updating the law to better align with current privacy considerations, operational challenges, and supply chain realities.
In conclusion, the Cybersecurity Information Sharing Extension Act represents a critical step towards fostering collaboration between the private sector and government to tackle evolving cybersecurity threats. By extending the provisions of the 2015 law, policymakers aim to bolster national security efforts and protect businesses and individuals from malicious cyber activities. The bill not only reinforces information sharing practices but also prioritizes privacy protections in an era marked by escalating cyber risks.