The Future of Cyberthreat Sharing Post-CISA 2015: What’s Next?

As the expiration of a crucial cybersecurity statute looms, experts are expressing concern over the potential impact on public-private cyberthreat information sharing. The Cybersecurity Information Sharing Act (CISA) of 2015, set to expire at midnight on Tuesday, has provided essential liability protections for companies sharing cyberthreat indicators. Without intervention from Congress, its lapse could deter companies from sharing critical information due to increased legal risks, prompting apprehension among corporate attorneys and cybersecurity executives.

The expiration of CISA 2015 could lead to significant legal uncertainty, affecting the voluntary sharing of cyberthreat intelligence. The law had established vital liability protections and antitrust exemptions, facilitating threat information sharing between companies and the federal government. Industry experts, including Errol Weiss from the Health Information Sharing and Analysis Center, warn that the expiration could create a chilling effect, particularly in a litigious environment where shared information might be used in class action lawsuits against firms.

Despite these challenges, some organizations like the Information Technology-Information Sharing and Analysis Center (IT-ISAC) plan to continue sharing threat intelligence among members. However, the absence of the act could impact information exchange, especially between the industry and government. Michael Daniel of the Cyber Threat Alliance highlights that while a short-term lapse may cause temporary issues, prolonged inaction could severely disrupt information sharing, particularly for firms without established federal relationships.

House Republicans have attempted to extend CISA 2015 through a government funding bill, tying its reauthorization to the ongoing government shutdown negotiations. The impending federal shutdown, triggered by the fiscal year-end without new funding, adds another layer of complexity to the situation. Meanwhile, Senate Homeland Security Chairman Rand Paul opposes the reauthorization, seeking provisions to prevent alleged censorship by the Cybersecurity and Infrastructure Security Agency.

Efforts to reauthorize CISA 2015 continue, with the House Homeland Security Committee advancing a bill to extend the law for another decade. The proposed legislation includes provisions for sharing information with artificial intelligence developers and critical infrastructure operators. As discussions unfold, the cybersecurity community remains vigilant, advocating for a resolution that ensures continued robust cyberthreat information sharing.

The Future of Cyberthreat Sharing Post-CISA 2015: What’s Next?

New Stealthy Malware Alert: BabbleLoader Delivering WhiteSnake and Meduza Stealers!

CEOs Levy and Thomas Highlight Benefits of Sophos-Secureworks $859M Deal

CEOs Levy and Thomas Highlight Benefits of Sophos-Secureworks $859M Deal

Half a Million Alerted in Wheelchair Company Email Hack Scandal

Half a Million Alerted in Wheelchair Company Email Hack Scandal

Ransomware Attack Targets Workday for Salesforce Data Heist!

Ransomware Attack Targets Workday for Salesforce Data Heist!

Meta Strikes $14.2B AI Deal with CoreWeave for Cutting-Edge Infrastructure

AI Is Transforming EDI Compliance Services

5 Reasons AI-Driven Business Need Dedicated Servers – SmartData Collective

Meta Strikes $14.2B AI Deal with CoreWeave for Cutting-Edge Infrastructure

Meta Strikes $14.2B AI Deal with CoreWeave for Cutting-Edge Infrastructure

Horner Automation Cscape and XL4, XL7 PLC

Delta Electronics ASDA-Soft | CISA

Anviz Multiple Products | CISA

CISA Adds One Known Exploited Vulnerability to Catalog

AVEVA Pipeline Simulation | CISA

COORDINATOR OF NETWORK, CYBERSECURITY AND IT INFRASTRUCTURE