"OPINION - Ransomware attacks conducted by criminals are persistently hitting airports, schools, and 911 dispatch , while foreign adversaries probe our critical infrastructure every day. Yet, two programs designed to build national cyber readiness to combat these threats - one that underpins public-private threat sharing, the other that builds local cyber defenses - have now expired. Congress's inaction amid the government shutdown has left a widening gap in America's cyber defenses."
"Nearly a decade ago, Congress passed the Cybersecurity Information Sharing Act of 2015 (CISA 2015) to encourage private companies and government agencies to voluntarily share cyber threat indicators, which officially expired on September 30. It was a bipartisan response to rising state-sponsored hacking campaigns, and it provided a legal framework - and protections - that still govern how threat data flows across public and private networks today."
"One proposal, however, threatened to undermine the goals of the law. Senate Homeland Security Committee Chair Rand Paul's (R-KY) of CISA 2015 renewal would gut key legal protections - including liability and FOIA safeguards - and inject surveillance-related restrictions that have no place in cybersecurity law. His version would kill the trusted framework that enables timely, voluntary sharing of threat intelligence data, not improve it."
Two nationally significant cyber programs have expired, removing legal and operational support for public-private threat sharing and local cyber defenses. The Cybersecurity Information Sharing Act of 2015 lapsed on September 30, eliminating a bipartisan legal framework and protections for transmitting threat indicators across sectors such as energy, transportation, and healthcare. Without those protections, information sharing between companies and the federal government could drop severely, degrading national cyber situational awareness. Reauthorization efforts were underway but stalled amid the government shutdown. A proposed Senate renewal would strip liability and FOIA protections and add surveillance-related limits, undermining timely voluntary exchange of threat intelligence.
Read at The Cipher Brief
Unable to calculate read time
Collection
[
|
...
]