On Wednesday, President Donald Trump signed a new government funding bill that will end the longest government shutdown in US history—and temporarily revive a major cybersecurity law that expired at the end of September.
The 2015 Cybersecurity and Infrastructure Security Act, or “CISA 2015”, guarantees liability and antitrust protections for organizations sharing cyber threat intelligence with one another and with federal agencies.
Since the Act expired in September, organizations have been able to share threat intelligence with government agencies, but haven’t been entitled to these protections.
At the time, several security companies committed to continuing to share threat data in order to enable cross-sector collaboration and cyber-defense. However, many in the industry voiced concerns that the lack of protection could deter companies from sharing threat intelligence, which would result in the government receiving less information about cyberattacks.
“Further delays in renewing this program will only serve to entrench information-sharing silos between government and industry and needlessly set back United States’ overall cybersecurity posture,” said Henry Young, Senior Director of Policy at the Business Software Alliance (BSA).
The temporary revival of CISA 2015 may ease some of these concerns for now, but many cybersecurity professionals are calling for a long-term solution.
In a statement, Frank Cilluffo, Director of the McCrary Institute for Cyber and Critical infrastructure Security, said that the impact of CISA 2015’s reauthorization “cannot be overstated.”
“But this is only a short-term fix,” Cilluffo added. “Congress must move quickly to enact longer-term reauthorizations to provide the continuity needed to defend and protect critical systems from growing cybersecurity threats.”
Andrew R. Garbarino, House Committee on Homeland Security Chairman, said that he looks forward to working alongside the House and Senate to “find long-term solutions for reauthorizing these vital DHS authorities.”
