The Cybersecurity Information Sharing Act of 2015 was the culmination of more than five years of work. Someone reading the statute now might think the activities it authorizes are rather pedestrian. Yet, concerns at the time were significant enough that the statute included a sunset clause for September 30, 2025. Over the past decade, this statute has come to underpin a broad array of cyber defense activities among federal entities, private entities, state and local governments, including those providing utility services like electric, natural gas, or water services. At the same time, the protections built into the statute and subsequent implementation guidance to address concerns spanning privacy, moral hazards, law enforcement worries, and regulatory fears have largely proven sufficient. Yet the road to reauthorization will not necessarily be smooth.
Join Michael Daniel (CTA), Mike Flynn (ITI), Ari Schwartz (Venable), Amy Shuart (BRT), and Kemba Walden (Paladin Capital) as they discuss why CISA 2015 is so critical to cybersecurity and what can be done to address any lingering concerns.