A coalition of 13 major trade associations has urged Congress to extend the Cybersecurity Information Sharing Act before its scheduled expiration on September 30. The groups stated that failing to renew the law could hinder coordination between the public and private sectors during cyberattacks and weaken national cybersecurity.
“The current cyber threat landscape highlights the need for consistent public-private collaboration—of which information sharing is a central component,” the coalition wrote. “Without the protections codified by this statute, businesses may be less willing to share cyber threat information for fear of legal exposure. Any chilling effect on this information exchange directly benefits the nation-state attackers and cybercriminals seeking to degrade U.S. economic and national security interests.”
The Cybersecurity Information Sharing Act was passed over ten years ago in response to a breach at the Office of Personnel Management. Recent incidents, including attacks involving SolarWinds, BeyondTrust, and an email compromise at the Office of the Comptroller of the Currency, have highlighted ongoing risks faced by both government agencies and private companies.
The law provides a voluntary system for sharing cyber threat data between businesses and government agencies while maintaining privacy safeguards. It also includes antitrust and liability protections for companies that participate in sharing actionable threat indicators.
Organizations signing the letter include representatives from banking, technology, energy, and other sectors: Alliance for Digital Innovation, American Bankers Association, American Public Power Association, Bank Policy Institute, Business Roundtable, Business Software Alliance, Edison Electric Institute, Independent Community Bankers of America, Information Technology Industry Council (ITI), Institute of International Bankers, National Rural Electric Cooperative Association, Operational Technology Cybersecurity Coalition, and Securities Industry and Financial Markets Association.
A bill to renew the law has advanced in Congress. Led by Chairman Andrew Garbarino (R-NY), it passed unanimously out of the House Committee on Homeland Security with a 25-0 vote.
The Bank Policy Institute describes itself as a nonpartisan organization representing universal banks, regional banks, and major foreign banks operating in the United States. The group conducts research on regulatory policy issues and represents financial institutions regarding cybersecurity matters.
For further information:
Austin Anton
Bank Policy Institute
austin.anton@bpi.com