This week, Health-ISAC®‘s Hacking Healthcare® provides an update on the continuing U.S. government shutdown and negotiations around reauthorization of the Cybersecurity Information Sharing Act of 2015 (“CISA 2015”). We examine what has changed since the shutdown started, what to expect in the event the shutdown is resolved, and some approaches Health-ISAC members may wish to consider given the continuing lack of CISA 2015 protections.
As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)
PDF Version:
Text Version:
Welcome back to Hacking Healthcare®.
CISA 2015 Reauthorization
Despite outspoken support from both Republicans and Democrats, Congress has yet to find a breakthrough to reauthorize CISA 2015.
In addition to efforts preexisting the shutdown, the most recent development was the introduction of the bi-partisan bill S.2983 – Extending Expired Cybersecurity Authorities Act.[i] This bill would cleanly reauthorize the CISA 2015 for another 10 years and would retroactively apply to October 1. Additionally, in an attempt to create distance between CISA 2015 and the Cybersecurity and Infrastructure Security Agency (“CISA”) with which it shares an acronym, the bill would rename CISA 2015 to the Protecting America from Cyber Threats Act. Importantly, S. 2983 has passed through the Rule 14 process, a procedure which allows it to be considered on the floor of the Senate without going through the Senate Homeland Security and Government Affairs Committee where Sen. Paul (R-KY) has continued to block attempts to move reauthorization forward.
Should the bill successfully pass through the senate, it may still have some hurdles to clear with Republicans in the House of Representatives. Some House Republicans have voiced similar concerns as Sen. Paul around the CISA agency, and they may seek to temper any CISA 2015 reauthorization bill, potentially by shortening the length of any reauthorization.
Finally, it appears that the potential reauthorization of CISA 2015 through the National Defense Authorization Act (“NDAA”), the annual “must pass” end of year legislative package, is in doubt. Neither the Senate NDAA nor the House of Representatives NDAA includes CISA reauthorization language. Democrats in the Senate pointed to Sen. Paul as the reason it failed to make the cut.[ii]
Shutdown: Cybersecurity and Infrastructure Security Agency (CISA) Personnel Reductions
The Trump administration’s remaking of the federal workforce has continued during the shutdown. With nearly 65% of CISA staff presumably furloughed as outlined in the Department of Homeland Security’s (“DHS”) shutdown plan,[iii] the agency was already in a reduced capacity when further reductions in force and mandatory reassignments were announced. These appear to have focused primarily on the Stakeholder Engagement Division and Infrastructure Security Division.[iv] [v] However, it is worth noting that these further reductions appear consistent with long signaled cuts. CISA’s Fiscal Year 26 Congressional Budget Justification from earlier in the year proposed massive decreases in funding for the stakeholder engagement in particular (cutting the Stakeholder Engagement budget line item down from ~$43 million to $3 million).[vi]
We will not go into depth on U.S. government shutdown procedures and effects, but for those interested there are useful primers available.[vii]
Action & Analysis
**Included with Health-ISAC Membership**
[i]https://www.congress.gov/bill/119th-congress/senate-bill/2983?s
[ii]https://insidecybersecurity.com/daily-news/senate-passes-fiscal-2026-ndaa-without-reauthorization-major-info-sharing-law
[iii]https://www.dhs.gov/sites/default/files/2025-09/2025_0930_dhs_procedures_related_to_a_lapse_in_appropriations.pdf
[iv]https://www.nextgov.com/cybersecurity/2025/10/multiple-cisa-divisions-targeted-shutdown-layoffs-people-familiar-say/408773/?oref=ng-home-top-story
[v]https://www.cybersecuritydive.com/news/cisa-layoffs-reassignments-dhs-white-house-government-shutdown/802723/
[vi] https://www.dhs.gov/sites/default/files/2025-06/25_0613_cisa_fy26-congressional-budget-justificatin.pdf
[vii] For those interested in learning more about how U.S. government shutdowns occur and how they are resolved, The Brookings Institution has a good primer here: https://www.brookings.edu/articles/what-is-a-government-shutdown-and-why-are-we-likely-to-have-another-one/ and the U.S. Congressional Research Service has useful guides here: https://www.congress.gov/crs-product/R47693
[viii] https://www.reuters.com/world/us/us-investment-boom-is-sustainable-bessent-says-2025-10-15/
