Congress let a key cybersecurity law expire this week, leaving US networks more vulnerable

There’s a long list of reasons US stability is now teetering between “Fyre Festival” and “Charlie Sheen’s ‘Tiger Blood’ era.” Now you can add cybersecurity to the tally. A crucial cyber defense law, the Cybersecurity Information Sharing Act of 2015 (CISA 2015), has lapsed. With the government out of commission, the nation’s computer networks are more exposed for… who knows how long. Welcome to 2025, baby.

CISA 2015 promotes the sharing of cyber threat information between the private and public sectors. It includes legal protections for companies that might otherwise hesitate to share that data. The law promotes “cyber threat information sharing with industry and government partners within a secure policy and legal framework,” a coalition of industry groups wrote in a letter to Congress last week.

As Cybersecurity Dive explains, CISA 2015 shields companies from antitrust liability, regulatory enforcement, private lawsuits and FOIA disclosures. Without it, sharing gets more complicated. “There will just be many more lawyers involved, and it will all go slower, particularly new sharing agreements,” Ari Schwartz, cybersecurity director at the law firm Venable, told the publication. That could make it easier for adversaries like Russia and China to conduct cyberattacks.

Before the shutdown, there was support for renewal from the private sector, the Trump administration and bipartisan members of Congress. One of the biggest roadblocks was Sen. Rand Paul (R-KY), chairman of the Senate Homeland Security Committee. He objected to reauthorizing the law without changes to some of his pet issues. Notably, he wanted to add language that would neuter the ability to combat misinformation and disinformation. He canceled his planned revision of the bill after a backlash from his peers. The committee then failed to approve any version before the expiration date.

Meanwhile, House Republicans included a short-term CISA 2015 renewal in its government funding bill. But Democrats, whose support the GOP needs, wouldn’t support the Continuing Resolution for other reasons. They want Affordable Care Act premium tax credits extended beyond their scheduled expiration at the end of the year. Without an extension, Americans’ already spiking health insurance premiums will continue to skyrocket.

In its letter to Congress last week, the industry coalition warned that the expiration of CISA 2015 would lead to “a more complex and dangerous” security landscape. “Sharing information about cyber threats and incidents makes it harder for attackers because defenders learn what to watch for and prioritize,” the group wrote. “As a result, attackers must invest more in new tools or target different victims.”