720-891-1663

AI, Alerts, Legal, Safety

If Congress Doesn’t Act Industry Won’t Share Attack Info with Feds

Leave a comment

Of the 99 calendar days between now and the end of the federal government’s year and the expiration of the cybersecurity information sharing law known as CISA 2015, the House will only meet on 27 of them and the Senate on 37 days.

During that time, they have to fund the government, raise the debt ceiling and approve bill that the Senate is shredding right now and that the president wants them to pass.

CISA 2015 is a law that shields private companies from liability if they share cyber attack information with the feds and controls the privacy of that data once the feds have it.

IF the law is not renewed, most companies will instantly stop sharing vulnerability and attack data. If they continue in the absence of the protections that the current law gives them and their investors find out … can you spell class action? It won’t be pretty.

On top of that the 2015 law handles 2010 threats. AI didn’t really exist at the time and isn’t comprehended. It also doesn’t deal with supply chain security. It is possible that the folks on Capitol Hill could just kick the can down the road (Congress never does that, right?) and renew the law as is for a year. That way it is no longer their problem and they can get back to what they do best – vacation.

Another challenge is a severe talent gap in cyber in the federal government. CISA, just as an example, has already lost one-third of their people. Who are the ones most likely to leave? The ones that will have three private sector job offers for more money before they reach the front door. Who is left? Well, not those people.

Big companies have gotten their lawyers to construct agreements to share attack data with the feds based on the CISA 2015 law. If the law expires there is no basis for such an agreement to be binding on the federal government. No protections, no sharing. You get the idea.

It is also possible that they could glue a renewal onto some other non-related bill package. The problem is that extending the current law is far from optimal and if they actually try to fix it, well, you know how well Congress functions these days.

I think we live in interesting times.

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2025 CyberCecurity, All rights reserved. Privacy Policy