CISA 2015 reauthorization: Likely, but late and suboptimal: A major cybersecurity bill called the Cybersecurity Information Sharing Act of 2015 (CISA 2015), which expired on Sept. 30, was temporarily revived on Nov. 13 and given a two-month lease on life through Jan. 30, 2026. The law provides critical legal liability protections that enable cyber threat information sharing among organizations and the federal government.The short-term extension seemed to ensure a longer-term renewal of the legislation, as lawmakers, the administration, and industry broadly agree that failure to extend the legal liability protection under CISA 2015 is unacceptable.”It’s very important,” US Representative Garbarino said at the McCrary event. “It is imperative that it gets passed, and it gets extended. I don’t know how it gets done on its own. I feel like we have to attach it to another must-pass piece as legislation, whether that’s government funding, but we need it passed.”In an emailed statement, CISA Director of Public Affairs Marci McCarthy tells CSO, “Reauthorizing the Cybersecurity Information Sharing Act of 2015 is vital to sustaining this progress, enabling industry and government to share information, respond to incidents, and mitigate cyber risks with speed and precision.”White House National Cyber Director Sean Cairncross has said, “I just want to be abundantly clear that we are for, and the White House is for, a 10-year clean reauthorization of CISA 2015.”With this tight level of agreement and support, odds are good that Congress will eventually reauthorize the legislation, although it is likely to be less than the 10-year renewal period advocates of the bill’s reauthorization seek.”Our colleagues in the Senate have different ideas,” Garbarino said. “Some of them want to do a 10-year clean reauthorization. I don’t know if I can get that passed in the House with concerns from the Freedom Caucus chairman,” Andy Harris (R-MD), who has urged a go-slow approach to CISA 2015.Even if Garbarino gets CISA 2015 through the House, some experts say a clean reauthorization would likely still be opposed by Senate Homeland Security Committee Chair Rand Paul (R-KY), who blocked the Senate from passing a bill to extend the law.
State and local cyber grants: Effectively dead for now: A murky picture emerges for another piece of unfinished business in Congress: a state and local cybersecurity grant program (SLCGP) administered by CISA. Most of the remaining funds in the $1 billion program were hollowed out via Elon Musk’s Department of Government Efficiency in early 2025.In November, the House of Representatives passed the PILLAR Act, which extended the program until 2033, but did not specifically allocate a dollar amount for future grants. Chairman Garbarino thinks there’s a good chance that the SLCGP could get funded.”I have a great partner on appropriations, Chairman Amodei,” he said at the McCrary event, referring to Mark Amodei (R-NV), who is Chairman of the House Appropriations Homeland Security Subcommittee. “We’re trying to find a vehicle to attach it to and get it done.”Some experienced Washington hands, such as CSIS’s Lewis, are skeptical. “I don’t think they’re [the state and local grants] ever coming back,” he tells CSO.
When will Washington move forward?: It’s unclear whether or when the remaining unresolved issues might move forward.”I think the Congress is probably going to do the right thing, but it will take longer because you don’t have executive branch leadership,” Lewis says. “Then they still have to [understand where] the White House is coming from, which is no money, no new authorities, and smaller agencies, before they can get anything in place. If we’re lucky, we’ll see it before the summer break, but it’s going to be a slow process.”It is also possible that an upcoming White House cybersecurity strategy might touch on some of these programs.Some experts say the bipartisan nature of cybersecurity gives them hope. “Cybersecurity and, particularly, protecting critical infrastructure and defending US networks, remain a bipartisan issue,” Schwartz says. “That makes me feel better about the possibility of getting to a point where we are moving forward again.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4116477/us-cybersecurity-weakened-by-congressional-delays-despite-plankey-renomination.html
