CISA Optimistic About Extending Cybersecurity Data Sharing
▼ Summary
– CISA expects Congress to renew the expiring Cybersecurity Information Sharing Act, which facilitates voluntary threat intelligence sharing among companies and the government.
– The Cybersecurity Information Sharing Act, signed in 2015, is set to expire on September 30, 2025, with CISA leaders hopeful for its extension.
– CISA confirmed continued funding for the CVE program, emphasizing automation and quality improvements to enhance vulnerability remediation.
– CISA leaders dismissed layoff concerns, highlighting new initiatives like Thorium and $100m in state/local cyber grants as evidence of progress.
– CISA plans to release new IT services soon to streamline access to its Cyber Hygiene vulnerability scanning program, which has over 11,000 users.
The Cybersecurity and Infrastructure Security Agency (CISA) remains confident that Congress will renew a critical cybersecurity law set to expire in 2025, ensuring continued collaboration between private companies and government entities in combating digital threats. The legislation, known as the Cybersecurity Information Sharing Act (CISA), was enacted in 2015 and provides legal protections for organizations that voluntarily exchange threat intelligence. Agency leaders emphasized its importance during recent discussions at Black Hat USA 2025.
Christopher Butera, CISA’s executive assistant director, and Robert Costello, the agency’s chief information officer, expressed optimism about the law’s renewal, stressing the need for swift information sharing in an evolving threat landscape. “Adversaries adapt rapidly, making timely data exchange essential,” Costello noted. Their sentiments were echoed by cybersecurity expert Cynthia Kaiser, who highlighted the law’s role in strengthening national defenses against ransomware and other cyber risks.
Beyond legislative advocacy, CISA reaffirmed its commitment to the Common Vulnerabilities and Exposures (CVE) program, a cornerstone of vulnerability management. Butera confirmed ongoing funding and improvements, particularly in automation to accelerate threat remediation. “We’re shifting from growth to quality, ensuring faster, more effective responses,” he explained. Costello praised the program as a “powerful and reliable tool” for cybersecurity professionals.
Addressing concerns about workforce reductions, both leaders dismissed claims of diminished capabilities, pointing to recent successes like mitigating the ‘ToolShell’ SharePoint exploit and launching Thorium, a cutting-edge malware analysis platform. Butera also highlighted $100 million in state and local cyber grants, underscoring CISA’s expanded support for critical infrastructure protection.
Looking ahead, Costello teased upcoming enhancements to CISA’s Cyber Hygiene (CyHy) services, which currently serve over 11,000 users. These improvements aim to streamline access to vulnerability scanning tools, further bolstering organizational resilience. “We’re on the verge of rolling out new IT services to simplify enrollment,” he said, signaling CISA’s ongoing evolution as a key player in national cybersecurity efforts.
(Source: NewsAPI Cybersecurity & Enterprise)
