#cisa-2015

#cisa-2015

The United States' Cybersecurity Information Sharing Act of 2015 - CISA 2015 - which came within a hair's breadth of lapsing for good at the end of 2025, will now likely be extended through to the end of September as part of a Department of Homeland Security (DHS) funding package for 2026. The DHS Appropriations Act narrowly passed the House of Representatives on Thursday 22 January, overcoming Democrat objections to funding the controversial Immigration and Customs Enforcement (ICE) agency, which falls under the department's remit. It will head to the Senate where it is expected to be taken up before the end of the month.

These threats out-pace traditional Indicators of Compromise (IoCs) that were once a core tenant of information sharing strategy. With the CISA 2015 temporarily lapsing, this moment spotlights the ways in which the U.S. must rethink its cyber intelligence strategy - moving from reactive, infrastructure-based signals to proactive, behavior-driven insights that enable organizations to anticipate and disrupt attacks before they materialize.

Barring a last-minute deal, the US federal government would shut down on Wednesday, October 1, and the 2015 Cybersecurity Information Sharing Act would lapse at the same time, threatening what many consider a critical plank of US cybersecurity policy. The CISA Act of 2015 (not to be confused with the CISA Act of 2018, which established the government agency of the same name; the CISA referred to throughout this story is the Information Sharing law, not the agency) is due to expire 12:01 am ET on October 1, the same moment federal funding lapses absent a continuing resolution.