Bipartisan legislation recently introduced in the U.S. Senate would extend the Cybersecurity Information Sharing Act (CISA) of 2015 for an additional 10 years.
CISA incentivizes companies to voluntarily share cybersecurity threat indicators with the Department of Homeland Security (DHS). Threat indicators include malware, software vulnerabilities and malicious IP addresses. The federal government and companies then take collaborative steps to prevent data breaches or attacks from cybercriminals and foreign adversaries.
Over the past decade, shared information has been used to address threats and alert federal agencies to ongoing attacks. The Cybersecurity and Infrastructure Security Agency’s Joint Cyber Defense Collaborative and various Information Sharing and Analysis Centers have shared information with state and local governments.
CISA also prevents individuals’ personally identifiable information from being included in threat information reports.
U.S. Sens. Mike Rounds (R-SD), Senate Armed Services Committee’s Subcommittee on Cybersecurity chairman, and Gary Peters (D-MI) introduced the bill.
“The Cybersecurity Information Sharing Act of 2015 has been instrumental in strengthening our nation’s cyber defenses by enabling critical information sharing between the private sector and government,” Rounds said. “Allowing this legislation to lapse would significantly weaken our cybersecurity ecosystem, removing vital liability protections and hampering defensive operations across both the defense industrial base and critical infrastructure sectors.”