Exclusive: Peters, Rounds tee up bill to renew expiring cyber threat information sharing law
A bipartisan pair of senators are kicking off the race Wednesday to reauthorize a 2015 cyber threat information sharing law, a move that industry groups and cyber experts are eager to see happen before it’s set to expire in September.
Advocates say the 10-year-old Cybersecurity Information Sharing Act has been vital to sharing threat information by providing legal protections to do so through several avenues: between companies, from companies to government and via programs like the Joint Cyber Defense Collaborative.
Now, Michigan Sen. Gary Peters, the top Democrat on the Senate Homeland Security Committee, and Sen. Mike Rounds, the South Dakota Republican who chairs the Armed Services panel’s cyber subcommittee, are co-sponsoring a bill to extend the law for another 10 years. CyberScoop is the first to report on the legislation’s introduction.
“As cybersecurity threats grow increasingly sophisticated, information sharing is not just valuable — it remains essential for our national security,” Peters said. “For the past ten years, these critical protections have helped to address rapidly evolving cybersecurity threats, and this bipartisan bill will renew them so we can continue this collaborative partnership between the private sector and government to bolster our nation’s cybersecurity defenses against a wide range of adversaries.”
Rounds said that “the Cybersecurity Information Sharing Act of 2015 has been instrumental in strengthening our nation’s cyber defenses by enabling critical information sharing between the private sector and government.” He continued: “Allowing this legislation to lapse would significantly weaken our cybersecurity ecosystem, removing vital liability protections and hampering defensive operations across both the defense industrial base and critical infrastructure sectors.”
While there have been calls to update the legislation to better match the current threats, the Peters-Rounds legislation is a simple 10-year extension.
What’s still unclear is how the bill can get across the finish line. A Homeland Security and Governmental Affairs aide said the bill is expected to be assigned to that panel for consideration.
Its chairman, however — Sen. Rand Paul, R-Ky. — has been a critic of the agency with primary cyber responsibilities in the Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency. He also opposed the original 2015 law, citing privacy concerns that advocates say have not materialized into violations. Some backers have suggested the bill’s chances of passage increase if it’s instead routed through Congress’ intelligence committees, as it was in the Senate 10 years ago.
But under the Trump administration, the agency has curtailed many of the activities Paul has most objected to, namely its work on disinformation and misinformation that he considers at odds with First Amendment rights.
The aide said “we look forward to continued productive discussions” on the bill.
A press release set to announce the renewal legislation Wednesday touted the 2015 law’s role in aiding responses to a number of major cyber incidents. It was “used to help address the SolarWinds cyberattack, operations like Volt Typhoon and Salt Typhoon, and to alert federal agencies to ongoing attacks from Russia, China, Iran, North Korea, and other attackers,” the release states.
“This threat information is also often shared widely with state and local governments, and critical infrastructure sectors through the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Joint Cyber Defense Collaborative and various Information Sharing and Analysis Centers, or ISACs — ensuring communities … throughout the nation and businesses across a range of industries are informed of ongoing cybersecurity threats,” it continues.
The expiring 2015 law is one of two major cyber programs with a September expiration date, alongside the state and local cyber grant program.
