Rounds Introduces Bill to Extend Cybersecurity Information Sharing Act to Prevent Cyber Security Threats

WASHINGTON – U.S. Senators Mike Rounds (R-S.D.), Chairman of the Senate Armed Services Committee’s Subcommittee on Cybersecurity, and Gary Peters (D-Mich.) introduced a bipartisan bill to extend the Cybersecurity Information Sharing Act (CISA) of 2015 for an additional ten years.

CISA, signed into law in 2015, incentivizes companies to voluntarily share cybersecurity threat indicators, such as software vulnerabilities, malware or malicious IP addresses, with the Department of Homeland Security (DHS). This protects Americans’ personal information and makes certain that both the federal government and companies can take collaborative steps to prevent data breaches or attacks from cybercriminals and foreign adversaries.

“The Cybersecurity Information Sharing Act of 2015 has been instrumental in strengthening our nation's cyber defenses by enabling critical information sharing between the private sector and government,” said Rounds. “Allowing this legislation to lapse would significantly weaken our cybersecurity ecosystem, removing vital liability protections and hampering defensive operations across both the defense industrial base and critical infrastructure sectors.”

“As cybersecurity threats grow increasingly sophisticated, information sharing is not just valuable—it remains essential for our national security,” said Peters. “For the past ten years, these critical protections have helped to address rapidly evolving cybersecurity threats, and this bipartisan bill will renew them so we can continue this collaborative partnership between the private sector and government to bolster our nation’s cybersecurity defenses against a wide range of adversaries.”

Click HERE to read full text of the bill.

BACKGROUND:

Since it was first enacted ten years ago, the Cybersecurity Information Sharing Act of 2015 has been instrumental in fostering collaboration between industry leaders and federal agencies, enabling the identification and mitigation of cybersecurity threats. Protection from legal or regulatory punishment in the legislation has encouraged private sector organizations to voluntarily share information about cybersecurity threats, providing valuable insights into malicious cyber activities and strengthening our nation’s ability to respond to cyberattacks. Information sharing about security flaws also helps prevent significant breaches and helps CISA support victims of attacks as they recover. The legislation also established comprehensive privacy protection to prevent individuals’ personally identifiable information (PII) from being included in threat information reports.

In recent years, these information sharing protections have been used to help address the SolarWinds cyberattack, operations like Volt Typhoon and Salt Typhoon, and to alert federal agencies to ongoing attacks from Russia, China, Iran, North Korea and other attackers. This threat information is also often shared widely with state and local governments, and critical infrastructure sectors through the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Joint Cyber Defense Collaborative and various Information Sharing and Analysis Centers, or ISACs – making certain communities throughout the nation and businesses across a range of industries are informed of ongoing cybersecurity threats. 

###