On Tuesday, a coalition comprising 52 organizations from various sectors in the United States urged lawmakers to take immediate action to reauthorize the Cybersecurity Information Sharing Act (CISA), which is scheduled to expire on September 30. This law plays a crucial role in establishing a framework that enables federal agencies to receive and disseminate cyber threat information shared by businesses, thereby enhancing the nation's overall cybersecurity posture.

Originally enacted in 2015, CISA allows companies to share threat indicators freely with one another without the risk of violating antitrust laws. This critical provision not only fosters collaboration among businesses but also mandates that federal agencies remove personal information prior to sharing any collected data. Furthermore, the law explicitly prohibits the government from utilizing the shared data for regulatory purposes against the companies that provide it. The coalition argues that failing to renew CISA would expose the United States to an increasingly complex and dangerous cybersecurity environment.

In their letter to Congress, the coalition warned, “If the law expires, the U.S. will encounter a more complex and dangerous security environment.” They emphasized the importance of sharing information about cyber threats and incidents, stating that such collaboration complicates the operations of cyber attackers by providing defenders with critical insights on what to monitor and prioritize. In essence, CISA strengthens the defense mechanisms of organizations while simultaneously increasing operational costs for potential attackers.

For several years, both government officials and private sector leaders have expressed concerns that barriers to information sharing significantly hinder the U.S. from comprehensively understanding the cyber threat landscape and effectively blocking cyberattacks. The enactment of CISA was a pivotal move aimed at easing the communication process between companies and government entities regarding digital threats, all while prioritizing the protection of personal information.

The extensive list of signatories advocating for the reauthorization of CISA highlights the law's broad support from various segments of the private sector. Among the signatories are trade associations that represent nearly every critical infrastructure sector, including transportation, telecommunications, healthcare, energy, water, financial services, chemicals, entertainment, defense, retail, and technology. Notably, the healthcare industry’s information-sharing and analysis center, Health-ISAC, has also contributed its support, alongside groups representing healthcare IT executives and those advocating for open radio access networks (open RAN) in the wireless sector.

The U.S. Chamber of Commerce played a significant role in organizing this effort, underscoring the importance of CISA's reauthorization to the business community. Legal protections afforded by CISA are vital not only for public-private information sharing but also for private-to-private sharing, which forms the backbone of the cybersecurity threat intelligence industry that collaborates with governments worldwide to combat hacking attempts.

Ari Schwartz, managing director of cybersecurity services at the law firm Venable and a coordinator for the Cybersecurity Coalition—one of the signatories—stated, “Most of the use of it that we see every day in the private sector is tied to the protections for private-to-private cyber threat sharing.” He further noted that critical sectors, such as financial services and retail, depend heavily on these protections to exchange threat indicators. Furthermore, the Cyber Threat Alliance, which manages an information-sharing platform and creates research reports, also benefits from these legal safeguards. Prior to CISA's enactment, both sectors had raised internal technical antitrust concerns regarding such information exchanges.

If CISA were to expire, Schwartz expressed concerns that this could lead to significant disruptions in existing threat-sharing arrangements, potentially resulting in the termination of many of them altogether. This urgent call for reauthorization comes as lawmakers are beginning to scrutinize CISA and explore potential modifications as part of the reauthorization process.

Recently, the House Intelligence Committee received a classified briefing regarding the impacts of CISA, with panel leaders stating they aimed to streamline the information-sharing process to ensure its efficiency. Additionally, the House Homeland Security Committee's cyber subcommittee is scheduled to hold a hearing on the law this Thursday. Secretary of Homeland Security Kristi Noem indicated at the RSAC Conference in late April that the Trump administration supports the renewal of this essential law.