Cyber Threat Data Sharing at Risk as Key U.S. Law Nears Expiration

Start Your Exam Prep Now

The U.S. federal statute that underpins much of the cyber threat intelligence exchange between government agencies and private companies is set to lapse on October 1, raising concerns about major disruptions in how the nation coordinates against digital threats.

Related story: U.S. Issues Warning on Hackers Exploiting Cisco Security Systems

Lawmakers Stalled on Renewal

Although the Cybersecurity Information Sharing Act (CISA) of 2015 has long enjoyed strong bipartisan backing, Congress has been unable to settle on whether to extend it as-is or implement changes. 

The law currently shields private firms from certain liabilities when they share cyber threat data with each other or with federal officials. 

Attorneys at WilmerHale warned in a September 15 client alert that if the measure expires, corporations may drastically reduce their participation in such exchanges.

“Without the critical protection for legal privileges—and the perceived need for liability and antitrust protections—private entities are less likely to voluntarily share information with the federal government or private entities due to a perceived increased risk,” the attorneys wrote. 

“The consequences could be significant, especially considering the fact that the private sector owns and operates most critical infrastructure in the United States.”

Senator Gary Peters, a Democrat from Michigan, underscored the urgency of keeping the authorities in place, saying the tools contained in the law are “critical to protecting our national and economic security from cyberattacks.” 

He emphasized that support spans party lines, pointing to leaders in the House, members of the Trump administration, and “a coalition in the Senate” who all favor a decade-long renewal. 

“It’s shameful we’ve reached this point — we need to pass a long-term clean extension immediately,” Peters added.

The White House has so far declined to comment on the matter.

Broader Political Backdrop

The impasse comes at a time when lawmakers are already consumed with negotiations to prevent a partial government shutdown. 

If a budget deal is not struck, hundreds of thousands of federal workers could be sent home without pay, and essential services across the country may face interruptions.

With the clock ticking, industry leaders and policymakers alike are warning that letting the law expire would send a chilling effect through private-sector cooperation on cyber defense—at precisely the moment when digital threats are multiplying.

Read next: JLR, Owned by Tata Motors, Starts Gradual Production Recovery After Cyberattack