08/18/2025

Former FBI cyber leader: The cybersecurity law that’s quietly keeping America safe is about to expire

Fortune

The clock is ticking toward September 30, 2025, when one of America’s most vital cybersecurity protections will expire unless Congress acts. The Cybersecurity Information Sharing Act of 2015 (CISA 2015) has quietly become the backbone of our nation’s cyber defense. Without creating any additional regulations, it enabled the rapid sharing of threat intelligence between government and businesses that has prevented countless cyber attacks over the past decade. The Act’s protections have facilitated threat warnings to thousands of organizations just this year.  Its potential sunset threatens to unleash a wave of cyberattacks that will devastate the small and medium-sized businesses (SMBs) that form a foundational part of our economy.

As someone who has worked on both sides—first leading public-private partnerships at the FBI and now facilitating industry collaboration—I’ve witnessed firsthand how CISA 2015 transformed our cybersecurity landscape. The law provides crucial liability protections that encourage companies to share threat indicators with the government and each other, while offering antitrust protection for industry-to-industry collaboration. Without these safeguards, the robust information sharing that has made American networks more secure simply stops.