Skip to main content
Mallory
Mallory

Congressional Debate Over Cybersecurity Information Sharing Act Renewal

Cybersecurity Information Sharing Actcybersecuritycybersecurity policyinformation sharingreauthorizationCISAHomeland SecurityCongressSenaterenewallegislationnational strategycritical infrastructuregrant programfree speech
Updated December 16, 2025 at 10:01 PM2 sources

Get Ahead of Threats Like This

Know if you're exposed — before adversaries strike.

Congress is facing challenges in passing a long-term renewal of the Cybersecurity Information Sharing Act of 2015, a foundational law that provides legal protections for companies sharing cyber threat data with the federal government and each other. House Homeland Security Chairman Andrew Garbarino has emphasized the importance of renewing the act, which recently received a short-term extension after lapsing in October, but faces opposition from various factions in both the House and Senate. Disagreements center on whether to pass a 'clean' 10-year reauthorization or to introduce changes addressing concerns about the Cybersecurity and Infrastructure Security Agency (CISA) and free speech protections.

The ongoing debate has led to uncertainty about the future of the law, with the possibility of another short-term extension being considered as negotiations continue. Garbarino has also called for the Senate to renew a cyber grant program for state and local governments and highlighted the need for a comprehensive national cyber strategy. The legislative impasse reflects broader divisions in Congress over the direction of federal cybersecurity policy and the role of CISA in protecting critical infrastructure and managing information sharing.

Related Entities

Threat Actors

Salt Typhoon

Organizations

CisaHouse Homeland Security CommitteeSenate

Sources

the record media
House Homeland Security chairman keeps attention on cyber issues
December 16, 2025 at 12:00 AM
cyberscoop
Key lawmaker says Congress likely to kick can down road on cyber information sharing law
December 16, 2025 at 12:00 AM

Related Stories

Debate Over Extension of Cybersecurity Information Sharing Law

U.S. senators are pushing for a 10-year extension of the Cybersecurity Information Sharing Act of 2015 (CISA 2015), which was temporarily extended after the recent government shutdown but is set to expire at the end of January. Lawmakers argue that allowing the law to lapse would hinder the ability of companies and government agencies to share cyber threat data without legal risk, potentially undermining national cybersecurity efforts. Senators Mike Rounds and Gary Peters, who are sponsoring the reauthorization bill, emphasize that the law is crucial for enabling collaborative vulnerability hunting and patching, especially during 'hunt forward' missions conducted by U.S. Cyber Command. The proposed extension would maintain the law's current provisions, with only a name change, and is supported by the administration. However, the path to permanent reauthorization remains uncertain, raising concerns about the continuity of legal protections for cyber threat information sharing.

3 months ago

Efforts to Renew and Extend the Cybersecurity Information Sharing Act (CISA) After Its Expiration

Senator Gary Peters has introduced new legislation aimed at extending and renaming the expired Cybersecurity Information Sharing Act of 2015 (CISA), which lapsed following a government shutdown on October 1, 2025. The expiration of CISA has left a gap in liability protections for private sector organizations that share cyber threat information with the federal government, a key feature that had encouraged robust information exchange since the law's enactment in 2015. Peters' new bill, the Protecting America from Cyber Threats (PACT) Act, seeks to extend these protections for another ten years and includes retroactive provisions to cover the period during which the law was inactive. Industry groups and cybersecurity professionals have emphasized the critical importance of these liability protections, often citing CISA as one of the most effective pieces of cyber legislation ever passed. The lapse in CISA's authority has created uncertainty for organizations that continue to share threat data, raising concerns about potential legal exposure. The legislative process to renew CISA has been complicated by political gridlock, with both the Senate and House advancing competing funding bills and short-term extensions that ultimately failed, leading to the shutdown. Peters has engaged in direct discussions with Senate leadership, including Majority Leader John Thune, to advocate for a swift renewal. The new bill also addresses confusion among lawmakers who conflate the CISA law with the Cybersecurity and Infrastructure Security Agency, clarifying that the legislation pertains to information sharing, not agency reauthorization. The expiration of CISA has also impacted related programs, such as the State and Local Cybersecurity Grant Program, which similarly lost authorization during the shutdown. The Department of Homeland Security's Automated Indicator Sharing (AIS) system, which had served as the central hub for threat intelligence exchange under CISA, now operates without the legal framework that previously governed its activities. Peters and his colleagues have repeatedly sought unanimous consent in the Senate to pass a clean extension of the law, but partisan disagreements have stalled progress. The proposed PACT Act aims to reassure private entities that any information shared during the lapse will be protected from liability, thereby maintaining the flow of critical threat intelligence. The ongoing debate underscores the importance of real-time cyber threat information sharing in defending against persistent and evolving cyberattacks. As Congress continues to negotiate, the cybersecurity community remains concerned about the potential chilling effect on information sharing and the broader implications for national cyber defense. The outcome of these legislative efforts will determine whether the United States can sustain the collaborative public-private partnerships that have become central to its cybersecurity strategy.

5 months ago

Expiration and Temporary Extension of the Cybersecurity Information Sharing Act (CISA 2015)

The expiration of the Cybersecurity Information Sharing Act of 2015 (CISA 2015) on September 30, 2025, ended a decade-long legal framework that enabled safe and consistent sharing of cyber-threat intelligence between the U.S. government and private sector. The lapse has led to a significant reduction in the volume and speed of threat data exchanged, with industry groups and federal agencies reporting over a 70% decline in shared indicators of compromise and delays in alert dissemination. Key sectors such as healthcare, energy, and finance have experienced increased risks, including a rise in ransomware activity and slower responses to nation-state threats, as organizations hesitate to share information without the law’s liability protections. In response to the growing concerns, legislation to end the federal government shutdown includes a provision to temporarily extend CISA 2015 through January 30, 2026. The Senate has advanced this bill, which, if passed by the House and signed by the President, would restore the legal protections for information sharing, at least temporarily. Industry groups and cyber experts emphasize the urgent need for a more permanent solution, as the current extension is only a stopgap measure. Lawmakers are considering different approaches to amending and extending the law, with the Trump administration advocating for a 10-year extension without changes, while others propose significant reforms.

4 months ago

Get Ahead of Threats Like This

Mallory continuously monitors global threat intelligence and correlates it with your attack surface. Know if you're exposed — before adversaries strike.