A pair of senators have introduced bipartisan legislation to reauthorize a critical cyber threat data sharing law that is set to expire later this year absent further congressional action.
The existing Cybersecurity Information Sharing Act law approved by Congress in 2015 provides companies protections to share cybersecurity threat information with the Department of Homeland Security and with each other through formal and informal channels.
The Cybersecurity Information Sharing Extension Act, introduced by Sens. Gary Peters, D-Mich., and Mike Rounds, R-S.D., would extend the 2015 act to 2035. The existing law is set to expire on Sept. 30 of this year.
“As cybersecurity threats grow increasingly sophisticated, information sharing is not just valuable – it remains essential for our national security,” said Sen. Peters in a statement.
“For the past ten years, these critical protections have helped to address rapidly evolving cybersecurity threats, and this bipartisan bill will renew them so we can continue this collaborative partnership between the private sector and government to bolster our nation’s cybersecurity defenses against a wide range of adversaries,” he continued.
Information shared through the law is provided to state and local governments, the Cybersecurity and Infrastructure Security Agency’s (CISA) Joint Cyber Defense Collaborative, and to various Information Sharing and Analysis Centers (ISACs).
It is unclear how much support the reauthorization will garner after cybersecurity issues have recently seen more partisan pressure, and some lawmakers have questioned the future role of CISA.
Senate Homeland Security and Governmental Affairs’ Chairman Rand Paul, R-Ky., has been critical of CISA, and promised last fall to limit the agency’s powers or eliminate it amid criticism of the information sharing act.
Meanwhile, Republicans on the House Homeland Security Committee have said that while they believe CISA has an important mission – and they don’t intend to shutter the agency – they want to get it back on track.
“Allowing this legislation to lapse would significantly weaken our cybersecurity ecosystem, removing vital liability protections and hampering defensive operations across both the defense industrial base and critical infrastructure sectors,” said Sen. Rounds in a statement.
According to a press release from the senator’s office, since the act’s introduction in 2015 it has been used to “address the SolarWinds cyberattack, operations like Volt Typhoon and Salt Typhoon, and to alert federal agencies to ongoing attacks from Russia, China, Iran, North Korea, and other attackers.”