Industry leaders from the financial services, energy, and technology sectors have called on Congress to reauthorize the Cybersecurity Information Sharing Act (CISA 2015) before its expiration on September 30, 2025. In a letter addressed to Senate and House leadership, these sectors emphasized the importance of this legislation for protecting America's critical infrastructure.
The letter highlights the effectiveness of CISA's voluntary information-sharing framework in bolstering defenses against increasingly sophisticated cybersecurity threats. "This voluntary information-sharing framework has been instrumental in strengthening our collective defense against cybersecurity threats that continue to grow in sophistication and severity," it states. The signatories warned that allowing CISA to expire could hinder critical information exchange, making the nation more susceptible to cyberattacks: "The expiration of these protections risks creating a chilling effect on this critical information exchange—leaving us all more vulnerable to nation-state attacks and cybercriminals moving forward."
CISA was initially enacted following the 2015 Office of Personnel Management data breach. It offers private sector entities crucial information and liability protections for sharing cyber threats with CISA, alongside an antitrust exemption for inter-company threat sharing.
The letter was signed by several organizations including:
- Alliance for Digital Innovation
- American Bankers Association
- American Public Power Association
- Bank Policy Institute
- Business Software Alliance
- Edison Electric Institute
- Independent Community Bankers of America
- Information Technology Industry Council (ICI)
- Institute of International Bankers
- National Rural Electric Cooperative Association
- Operational Technology Cybersecurity Coalition
- Securities Industry and Financial Markets Association
The Bank Policy Institute is among the signatories. It is a nonpartisan public policy group representing various banks operating in the United States. The organization engages in academic research, regulatory analysis, and represents the financial services industry concerning cybersecurity issues.
For further details or inquiries, contact Austin Anton at the Bank Policy Institute via email at austin.anton@bpi.com.