The House Homeland Security Committee yesterday advanced legislation to extend an existing law that enables the federal government to share real-time information about cyberthreats with the private sector. The American Bankers Association supports the legislation.
The Widespread Information Management for the Welfare of Infrastructure and Government Act [H.R. 5079] would reauthorize the 2015 Cybersecurity Information Sharing Act, which created a voluntary framework for the private sector and government agencies to share information about cyberthreats while maintaining strict privacy safeguards. It also created antitrust and liability protections for companies to share actionable threat indicators
The reauthorization bill would update definitions in the 2015 law to include new tactics and technologies, such as artificial intelligence, according to the bill’s sponsors. It would also reauthorize the State and Local Cybersecurity Grant Program for 10 years.
The bill cleared the committee by unanimous vote. In a statement ahead of the hearing, ABA President and CEO Rob Nichols said the Cybersecurity Information Sharing Act has been a vital tool in the defense against increasingly sophisticated cyberthreats.
“The framework it provides has enabled secure and timely threat sharing between the public and private sectors — strengthening our defenses and safeguarding customer data,” Nichols said. “In addition, its antitrust exemption and privacy safeguards give cyber teams the confidence to share the actionable threat indicators needed to fortify systems. We thank Chairman [Andrew] Garbarino and the House Homeland Security Committee for their leadership and urge Congress to extend CISA without delay.”
Associations seek CISA extension
In related news, ABA today joined 12 associations in calling on Congress to extend CISA before its Sept. 30 deadline. Failing to do so would impede public-private sector coordination during cyberattacks and weaken the nation’s cyber defenses amid escalating global threats, the groups said in a joint letter.
“The current cyber threat landscape highlights the need for consistent public-private collaboration — of which information sharing is a central component,” they said. “Without the protections codified by this statute, businesses may be less willing to share cyber threat information for fear of legal exposure. Any chilling effect on this information exchange directly benefits the nation-state attackers and cybercriminals seeking to degrade U.S. economic and national security interests.”
