What the lapse meant for enterprises: The expiration of CISA 2015 eliminated legal protections for sharing threat information, disrupting the real-time intelligence exchanges that had become routine over the past decade. Without its statutory shields, organizations faced potential liability for monitoring networks, sharing defensive measures, and coordinating responses with peers and federal agencies.The law had explicitly authorized private entities to take defensive measures against cyberattacks, monitor their own and customers’ networks with consent, and exchange indicators to strengthen detection and response. It also protected shared data from public disclosure under FOIA and shielded participating companies from antitrust claims tied to joint defense activities.Companies that previously shared threat data automatically needed lawyers to review each exchange, determining what laws might be violated and whether existing agreements covered the information transfer.The expiration of the Federal Cybersecurity Enhancement Act also ended statutory authority for CISA to operate the EINSTEIN program and other network-security services for civilian agencies, adding operational strain across government networks.
Broader provisions and workforce impact: Beyond restoring the cybersecurity laws, the continuing resolution included measures to protect federal employees affected by the shutdown. The bill will “protect federal workers from baseless firings, reinstate those who have been wrongfully terminated during the shutdown, and ensure federal workers receive back pay,” Senator Tim Kaine said in a statement, adding that the provisions were critical for earning his support.CISA’s workforce shrank by nearly a third during the shutdown through buyouts, deferred resignations, and layoffs, falling from roughly 3,300 to about 2,200 employees. Divisions, including Stakeholder Engagement and Infrastructure Security, were hit hardest. The new workforce protections could reverse some of those losses once the bill becomes law.The continuing resolution extended current government funding levels through January 2026, according to Cramer’s office. Eight Democrats joined Republicans to advance the bill.Suppose the resolution clears both chambers as expected. In that case, Congress will face another funding deadline early next year, and with it, another test of how well Washington can balance political gridlock with national cyber resilience.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4088018/senate-moves-to-restore-lapsed-cybersecurity-laws-after-shutdown.html
