A bipartisan group of lawmakers is urging Congress to reauthorize the Cybersecurity Information Sharing Act (CISA 2015) before it expires on September 30. Members of the House Homeland Security Committee’s Subcommittee on Cybersecurity and Infrastructure Protection emphasized that the law has played a vital role in enabling industry and government to share cyber threat intelligence. The legislation offers statutory liability and privacy protections, which experts say have empowered technical leaders to share threat data more freely without fear of legal repercussions.
Despite support from Department of Homeland Security Secretary Kristi Noem, the path to reauthorization is not guaranteed. Lawmakers cited tight legislative timelines and uncertainty about which congressional leaders will champion the bill as barriers to timely passage. Subcommittee Chair Andrew Garbarino identified privacy as the greatest challenge, although a recent DHS inspector general report found no privacy breaches under the law in the last decade.
Several lawmakers called for a “clean reauthorization” of the bill, arguing that adjustments can be made in the future after renewal. Representative Eric Swalwell expressed concerns that the current system limits access to critical threat intelligence, since many technical personnel lack security clearances. He noted that CEOs often lack the technical expertise to understand specific threats, while engineers and cybersecurity professionals remain excluded. Swalwell also pointed to the imbalance in clearance protocols, where low-ranking individuals may hold top secret access while experienced professionals are denied timely information.
Other lawmakers echoed the call to expand access to threat intelligence by broadening eligibility for clearances within critical industries. Representative Andy Ogles supported revising the scope of information sharing to include more cybersecurity experts. The subcommittee agreed that more proactive threat sharing could improve infrastructure protection and national security resilience. As the September 30 deadline approaches, members emphasized that failure to reauthorize CISA 2015 would risk undoing a decade of progress in cybersecurity collaboration.
Reference:
