U.S. Senators Gary Peters (D-MI) and Mike Rounds (R-SD) have introduced a bipartisan bill to extend vital provisions from the Cybersecurity Information Sharing Act of 2015. The new legislation, titled the Cybersecurity Information Sharing Extension Act, seeks to maintain and strengthen information-sharing mechanisms between the private sector and the federal government, particularly through the Department of Homeland Security (DHS).
The original Cybersecurity Information Sharing Act was enacted in 2015 to encourage businesses to voluntarily share cybersecurity threat indicators, such as software vulnerabilities, malware signatures, and malicious IP addresses, with the federal government. This collaborative model has been a cornerstone in protecting critical infrastructure and private data from a wide range of cyber threats, including attacks from nation-state actors and cybercriminals.
With the original provisions set to expire, the Cybersecurity Information Sharing Extension Act would renew them for an additional ten years, preserving legal protections that have encouraged companies to share threat data without fear of legal or regulatory repercussions.
The Bipartisan Bill
“As cybersecurity threats grow increasingly sophisticated, information sharing is not just valuable—it remains essential for our national security,” said Senator Peters, who serves as the Ranking Member of the Homeland Security and Governmental Affairs Committee. “For the past ten years, these critical protections have helped to address rapidly evolving cybersecurity threats, and this bipartisan bill will renew them so we can continue this collaborative partnership between the private sector and government to bolster our nation’s cybersecurity defenses against a wide range of adversaries.”
Senator Rounds echoed these sentiments, emphasizing the necessity of maintaining these legal protections to ensure continued cooperation across the public and private sectors. “The Cybersecurity Information Sharing Act of 2015 has been instrumental in strengthening our nation’s cyber defenses by enabling critical information sharing between the private sector and government,” said Rounds. “Allowing this legislation to lapse would significantly weaken our cybersecurity ecosystem, removing vital liability protections and hampering defensive operations across both the defense industrial base and critical infrastructure sectors.”
Supporting Cybersecurity in the Region
Since its inception, the legislation has helped uncover and mitigate major cyber incidents, including the high-profile SolarWinds attack, as well as ongoing campaigns like Volt Typhoon and Salt Typhoon. These incidents demonstrated the need for rapid, coordinated responses, which were made possible through the sharing of actionable threat intelligence.
Moreover, the Department of Homeland Security (DHS), primarily through the Cybersecurity and Infrastructure Security Agency (CISA), has leveraged this shared information to support federal, state, and local agencies, as well as private companies across critical sectors. Through initiatives like the Joint Cyber Defense Collaborative and Information Sharing and Analysis Centers (ISACs), CISA ensures that threat alerts are disseminated widely to help communities and businesses preempt and respond to attacks.
Importantly, the legislation also includes strong privacy safeguards. It mandates that personally identifiable information (PII) be stripped from threat data before it is shared, ensuring that public safety does not come at the expense of individual privacy rights.
Senator Peters has been a longstanding advocate for improving cybersecurity preparedness. His legislative efforts have led to the enactment of several bipartisan bills aimed at enhancing cybersecurity support for K-12 schools, securing federal supply chains, strengthening the cybersecurity workforce, and improving protection for state and local governments. He also authored a landmark provision requiring critical infrastructure entities to report major cyber incidents or ransomware payments to CISA.
Conclusion
The reauthorization of the Cybersecurity Information Sharing Extension Act reflects a strong commitment to staying protected from threats by fostering ongoing collaboration between the government and the private sector. With cyberattacks growing more frequent and targeted, the legislation introduced by Senators Peters and Rounds takes a crucial step in reinforcing the nation’s digital defenses. As the bill advances through Congress, it marks an important moment of bipartisan cooperation in cybersecurity, demonstrating that addressing cyber threats effectively requires a unified approach and sustained partnership between the public and private sectors.
