The American Bankers Association today joined 11 associations in urging lawmakers to extend a federal law that established voluntary procedures for information sharing about cyberthreats between government and private entities and protections for sharing among private sector companies.
The Cybersecurity Information Sharing Act was passed by Congress in 2015 following an Office of Personnel and Management data breach that exposed the private information of millions of government employees and contractors. The law is set to expire on Sept. 30. In a joint letter, the associations said the information-sharing framework the legislation created “has been instrumental in strengthening our collective defense against cybersecurity threats that continue to grow in sophistication and severity.”
“In the decade since its enactment, the law has meaningfully improved the capacity and speed with which we can respond to large-scale cyber incidents while establishing clear expectations for privacy and confidentiality,” the associations said. “This includes building the structures used by private sector cyber defenders to inform government partners of ongoing cyber threats from malicious actors. Equally as important, the law’s antitrust exemption and associated protections have also facilitated broader cyber information sharing between private companies.”
The associations pointed to attacks on U.S. infrastructure by nation-state hackers as one reason the law is still needed. “The expiration of these protections risks creating a chilling effect on this critical information exchange — leaving us all more vulnerable to nation-state attacks and cybercriminals moving forward,” they said.
