US Cyber and Surveillance Legislation Developments: FISA Section 702 Reform Push and CISA 2015 Extension
US lawmakers moved on multiple fronts affecting cybersecurity and data governance. Senators Dick Durbin and Mike Lee planned to reintroduce the SAFE Act to reform FISA Section 702, which authorizes warrantless targeting of foreigners’ communications but can incidentally collect Americans’ data; the proposal would add a warrant requirement for queries of U.S.-person data and would narrow/clarify which communications service providers can be compelled to assist with collection as Section 702 approaches another expiration deadline.
Separately, the Cybersecurity Information Sharing Act of 2015 (CISA 2015)—which provides a legal framework and liability/FOIA protections for sharing cyber threat indicators and defensive measures with the US government and private entities—was extended via a February 3, 2026 funding bill, pushing its sunset from late January 2026 to September 30, 2026. A third, unrelated policy development saw 40 state attorneys general criticize a House version of the Kids Online Safety Act (KOSA) as insufficient to protect minors online, citing gaps versus the Senate bill (including a weaker or absent duty of care and fewer enumerated harms) and raising concerns about federal preemption of stronger state laws.
Sources
Related Stories
US Cyber and Intelligence Policy Debates Over Surveillance Authorities and Leadership Vacancies
US national security officials and lawmakers are weighing the future of key cyber and intelligence authorities and leadership posts. Lt. Gen. Josh Rudd, nominated to lead **NSA** and co-lead **U.S. Cyber Command**, told the Senate Intelligence Committee he supports **FISA Section 702**, arguing the foreign-intelligence collection authority is “indispensable” for threat insight and has “saved lives,” even as critics continue to press for warrant requirements when querying incidentally collected US-person communications. Separately, a Senate panel heard testimony describing how the US military has formalized a “**non-kinetic effects cell**” to integrate cyber operations, electronic warfare, and influence activities into mission planning and execution, with officials citing an operation in Venezuela that included cyber effects against radar, internet, and the power grid to induce a temporary blackout. A parallel policy dispute is playing out around domestic cyber defense leadership and information-sharing frameworks. An *SC Media* opinion column argues the Senate’s failure to confirm (and subsequent expiration of) Sean Plankey’s nomination as **CISA director** has prolonged a leadership vacuum during heightened critical-infrastructure risk, and it also highlights uncertainty around reauthorizing the **Cybersecurity Information Sharing Act of 2015** amid political resistance to a “clean” long-term extension. Overall, the reporting and commentary point to governance and oversight decisions—surveillance authorities, operational cyber integration, and agency leadership—that could materially affect US cyber posture, but they do not describe a discrete breach, vulnerability disclosure, or active threat campaign.
1 months agoDebate Over Extension of Cybersecurity Information Sharing Law
U.S. senators are pushing for a 10-year extension of the Cybersecurity Information Sharing Act of 2015 (CISA 2015), which was temporarily extended after the recent government shutdown but is set to expire at the end of January. Lawmakers argue that allowing the law to lapse would hinder the ability of companies and government agencies to share cyber threat data without legal risk, potentially undermining national cybersecurity efforts. Senators Mike Rounds and Gary Peters, who are sponsoring the reauthorization bill, emphasize that the law is crucial for enabling collaborative vulnerability hunting and patching, especially during 'hunt forward' missions conducted by U.S. Cyber Command. The proposed extension would maintain the law's current provisions, with only a name change, and is supported by the administration. However, the path to permanent reauthorization remains uncertain, raising concerns about the continuity of legal protections for cyber threat information sharing.
3 months ago
US Lawmakers Seek Short-Term Extension of Key CISA Cybersecurity Authorities Amid Agency Leadership Turmoil
Congressional leaders introduced a compromise federal funding package that would **temporarily extend two major U.S. cybersecurity authorities**—the 2015 *Cybersecurity and Infrastructure Security Act* (which provides liability protections intended to encourage private-sector cyber threat information sharing with the federal government) and the **State and Local Cybersecurity Grant Program**—through **September 30**. The proposal follows prior stopgap extensions after the statutes lapsed, and comes as lawmakers debate longer-term reauthorization options, including competing House and Senate proposals and a draft approach from Sen. Rand Paul that would remove the original law’s liability protections. Separately, reporting highlighted **internal leadership instability at CISA**: acting director **Madhu Gottumukkala** reportedly attempted to remove or reassign CISA CIO **Robert Costello** via a management-directed reassignment, but was blocked after objections from other political appointees within DHS. The episode adds to concerns about decision-making and turnover at the agency at a time when CISA is responsible for coordinating federal cyber defense, incident response support, and collaboration with state, local, and private-sector partners—functions that could be affected by sustained leadership disruption.
1 months ago