The potential expiration of a key cybersecurity law is looming as a government shutdown appears more likely. This law, the Cybersecurity Information Sharing Act of 2015, protects private companies from legal and regulatory penalties when they share cyber threat intelligence with federal agencies. Since its enactment a decade ago, this act has been a cornerstone of cybersecurity efforts, but its protections are set to expire on September 30 if Congress fails to renew it. Industry leaders and government officials have been pushing for its renewal for months, but the legislative process remains at a standstill, with Congress unable to reach a consensus. The looming expiration could disrupt the timely flow of critical cyber threat information, leaving the nation more vulnerable.
The political impasse stems from disagreements over both government funding and the specifics of the cybersecurity law itself. House appropriators had previously proposed a temporary funding plan that would have extended both government funding and the CISA law through November 21. This measure, however, failed to pass in the Senate. At the same time, a separate proposal was introduced by Senate Homeland Security Chairman Rand Paul, which sought a shorter extension and would have scaled back key liability protections for private companies. This version of the bill was controversial, as it would have also made sensitive data shared by companies discoverable through Freedom of Information Act (FOIA) requests, a significant concern for those in the industry.
Chairman Paul’s bill faced significant opposition, and a planned markup was ultimately canceled because it lacked the necessary votes from his colleagues, including some within his own party. The bill’s provisions, particularly the one stripping FOIA protections, were seen as a “poison pill” by many involved in the deliberations. The Cybersecurity and Infrastructure Security Agency (CISA), the nation’s primary cyberdefence agency, also expressed uncertainty about the proposed changes, although they publicly stated a willingness to accept any extension Congress chose to pass. The private sector, for its part, has expressed frustration with what they describe as a lack of engagement from Paul’s office on the matter, a claim his office denies.
As of now, Senate Republicans and Democrats on the Homeland Security panel have not been able to find common ground on how to proceed with a renewal of the information-sharing law. Paul’s office has stated that while the lack of consensus is accurate, it is not their fault, and that a clear path to extension exists through the continuing resolution that failed to pass. They accuse Democrats of preferring a government shutdown, even though Republican leadership would need bipartisan support in the Senate to pass any funding package.
The ongoing political stalemate leaves the future of the Cybersecurity Information Sharing Act in doubt. Without a clear path forward, the law is on track to expire. The result would be a significant setback for the cooperative relationship between the government and the private sector on cybersecurity issues, potentially hindering the country’s ability to respond to and defend against cyber threats. The dispute highlights the difficulty of passing bipartisan legislation in a divided Congress, even on issues of national security.
Reference:
