COMMENTARY: Cyberattacks aren’t just targeting tech companies; they’re hitting the systems that power your life:
The hospital down the street
The grid that keeps your lights on
The supply chain behind your prescriptions and groceries.
Foreign adversaries like China and Russia are increasingly using cyberspace to disrupt our economy, steal innovation, and quietly embed themselves in our infrastructure.
We rely on real-time collaboration between the private sector and the federal government to fight back. However, that cooperation depends on a law you’ve probably never heard of—the
Cybersecurity Information Sharing Act of 2015 (CISA 2015). It created the legal foundation for businesses to share threat information with federal agencies quickly and safely, without fear of lawsuits or red tape.
That law expires in September. If Congress doesn’t reauthorize it, our first line of cyber defense will fracture, and Americans will be less safe.
National security stakes are high
China is
actively targeting U.S. infrastructure. Its cyber operators are embedding themselves in pipelines, ports, power grids, hospitals, and water systems—preparing to disrupt or disable critical services inside the United States when it most benefits them.
These operations are designed to hold American lives and economic stability at risk.
Foreign adversaries now conduct cyber campaigns to gain long-term access, exploit vulnerabilities at scale, and undermine U.S. strategic advantage. They are inside the networks of small businesses, defense contractors, and public utilities, placing persistent pressure on every layer of our economy.
Small businesses, in particular, remain disproportionately vulnerable, even as they anchor local economies and Main Streets across the country.
CISA 2015 was created in direct response to this threat environment. After the
Office of Personnel Management breach revealed catastrophic weaknesses in how the federal government shared cyber intelligence, Congress established a
legal framework to facilitate rapid, secure coordination between the private sector and national security agencies.
That framework has worked—imperfectly but effectively. It provides companies with the legal clarity to share threat indicators and allow the government to issue actionable warnings across sectors. It has become a core piece of
our National Cybersecurity Strategy.
Some may argue it’s time to update the law. However, during a period of rising risk and geopolitical instability, preserving the legal foundation for information sharing is more critical than discussing its future scope. A clean reauthorization—now—is the most sensible path forward.
Allowing the law to lapse would blindfold our responders and disrupt the ecosystem we’ve spent a decade building.
The coalition’s unified call to action
A coalition of
52 industry organizations—representing sectors from defense and energy to healthcare, finance, and manufacturing—is urging Congress to reauthorize CISA 2015 without delay. Led by the U.S. Chamber of Commerce, these groups span nearly every corner of the American economy.
Their message is clear: They rely on the legal assurances CISA 2015 provides to share cyber threat information quickly and without fear of liability. Without it, real-time coordination between businesses and the federal government would stall, creating gaps that adversaries are poised to exploit.
As the coalition’s
joint letter puts it, the law enables private entities “to increase their protection of data, devices, and computer systems while promoting the sharing of cyber threat information with industry and government partners within a secure policy and legal framework.”
These protections make public-private cybersecurity partnerships possible at scale. CISA 2015 not only reduces legal and regulatory friction but has also catalyzed the growth of sector-specific Information Sharing and Analysis Centers (ISACs), which now serve as vital hubs for early warning and coordinated response.
Letting the law lapse would erode this infrastructure of trust and connectivity, and send exactly the wrong message to adversaries watching how seriously we take national cyber defense.
Bipartisan momentum, urgent timing
Momentum to reauthorize CISA 2015 is real—and rare. Senators Gary Peters (D-MI) and Mike Rounds (R-SD) have introduced a
bipartisan bill to extend the law through 2035. In the House, Chairman Andrew Garbarino (R-NY) has held hearings highlighting the law’s national security value and
supports reauthorization.
Executive leadership reinforces this alignment. Secretary of Homeland Security Kristi Noem has
called on Congress to act, stating that CISA 2015 must be renewed to preserve the partnerships and threat mitigation efforts it makes possible.
While some have raised
ideas about modernizing the law’s provisions, leaders on both sides of the aisle understand the stakes: allowing the statute to lapse would inject legal uncertainty, stall information sharing, and weaken the nation’s frontline cyber defenses.
There is a time and place for future debate, but
this is a moment for continuity. Reauthorizing the law clearly and promptly will maintain our cybersecurity posture and demonstrate the unity our adversaries hope to fracture.
Protecting Americans where it matters most
CISA 2015 strengthens the systems that Americans rely on every day. It helps keep hospitals running, power flowing, supply chains functioning, and financial services stable. It empowers defenders to respond quickly, share critical intelligence, and stay ahead of rapidly evolving cyber threats.
This law facilitates trusted collaboration between the private sector and the federal government—an essential function in a threat environment where speed and coordination can determine the difference between resilience and disruption.
Reauthorizing the Cybersecurity Information Sharing Act will preserve and reinforce the foundation of our national cyber defense. It will ensure that businesses, government agencies, and critical infrastructure owners and operators continue working together to protect the American people.
Congress should act decisively to protect what works and strengthen the partnerships that secure this country. Reauthorizing CISA 2015 will reaffirm our commitment to defending Americans, where it matters most.
