Congress let a key cybersecurity law expire this week, leaving US networks more vulnerable

There’s a long list of reasons US stability is now teetering between “Fyre Festival” and “Charlie Sheen’s ‘Tiger Blood’ era.” Now you can add cybersecurity to the tally. A crucial cyber defense law, the Cybersecurity Information Sharing Act of 2015 (CISA 2015), has lapsed. With the government out of commission, the nation’s computer networks are more exposed for… who knows how long. Welcome to 2025, baby.

CISA 2015 promotes the sharing of cyber threat information between the private and public sectors. It includes legal protections for companies that might otherwise hesitate to share that data. The law promotes “cyber threat information sharing with industry and government partners within a secure policy and legal framework,” a coalition of industry groups wrote in a letter to Congress last week.

As Cybersecurity Dive explains, CISA 2015 shields companies from antitrust liability, regulatory enforcement, private lawsuits and FOIA disclosures. Without it, sharing gets more complicated. “There will just be many more lawyers involved, and it will all go slower, particularly new sharing agreements,” Ari Schwartz, cybersecurity director at the law firm Venable, told the publication. That could make it easier for adversaries like Russia …read more