A critical US cyber law that had lapsed in September 2025 has received a short-term extension as part of the effort by lawmakers to reopen the US government following the prolonged shutdown.
The Cybersecurity Information Sharing Act (CISA 2015), which shields companies from legal liability when sharing cyber threat intelligence, is key in supporting cyber information sharing in the US and beyond.
Speaking to Infosecurity, Errol Weiss, CSO of the Health Information-Sharing Analysis Center (Health-ISAC), said it was “a good sign” that the CISA 2015 extension clause was included in the continuing resolution as it proved that “there is definitely support for the law.”
“When CISA 2015 expired on September 30 and we knew the budget wasn’t going to get passed, I feared that it was going to get lost in the more ‘serious’ issues of the budget. Now the two are tied together, we are back at it again until January,” Weiss said.
However, he also described the move as “a temporary patch” and urged the US Congress to “look at extending CISA 2015 permanently or at least for another 10 years.”
Weiss said that Act’s lapse at the end of September had almost no effect on the rate of information sharing within members of Health-ISAC, which he characterized as “in steady growth for years.”
However, he added, “The real hit we have seen has been with organizations’ willingness to share cyber threat information with the federal government.”
“I feel that we are seeing less coming from government partners, such as the FBI, the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA). This is due to several factors, which include the lapse of CISA 2015,” he explained.
Read the article in InfoSecurity Magazine. Click Here
