The expiration of the Cybersecurity Information Sharing Act of 2015 (CISA 2015) has left a major hole in U.S. cyber defense. The law enabled private companies and federal agencies to rapidly share threat intelligence about hacks, ransomware, and vulnerabilities, providing a critical shield against increasingly sophisticated cyberattacks. With its lapse tied to the ongoing government shutdown, companies now face legal uncertainty when cooperating with federal counterparts, slowing down the very information exchanges designed to protect infrastructure.
Cybersecurity experts warn that adversaries could exploit this gap, as reduced transparency makes it harder to contain or prevent large-scale incidents. The timing is particularly concerning given recent surges in state-sponsored cyber activity and ransomware targeting healthcare, finance, and logistics. Industry groups are urging Congress to act swiftly, either by renewing the statute or introducing updated legislation that reflects today’s cyber landscape. Until then, the expiration is seen as a major setback in safeguarding the digital backbone of the U.S. economy.
