Back

CISA 2015 Law Set to Expire Amid New Cyber Incident Reporting Requirements

Severity: Medium (Score: 51.9)

Sources: www.federalregister.gov, Fisherphillips, Legis1, www.regulations.gov, www.congress.gov

Summary

The Cybersecurity Information Sharing Act (CISA) of 2015 is set to expire on September 30, 2026, with Congress yet to decide on its renewal. This law facilitates data sharing between the government and private sector, providing legal protections for companies that report cyber threats. A Congressional Research Service report warns that without CISA, private entities may hesitate to share vital threat information, potentially leading to a lack of comprehensive threat awareness. Concurrently, the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) mandates new reporting obligations for tech companies, which will significantly impact compliance across the sector. CISA's expiration could hinder the effectiveness of CIRCIA's implementation, as both laws are intertwined in addressing cybersecurity challenges. The tech industry is advocating for a long-term renewal of CISA to maintain these protections. Key Points: • CISA 2015 is set to expire on September 30, 2026, affecting data sharing protections. • The CIRCIA law introduces new mandatory reporting requirements for critical infrastructure sectors. • Industry groups are pushing for the renewal of CISA to avoid gaps in cybersecurity collaboration.

Key Entities

  • Ransomware (attack_type)
  • archives.gov (domain)
  • federalregister.gov (domain)
  • govinfo.gov (domain)
  • Energy (industry)
  • Healthcare (industry)
  • Information Technology (industry)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed