Congress Allows Key Cybersecurity Law to Expire, Leaving US Networks Vulnerable
A crucial cybersecurity law, the Cybersecurity Information Sharing Act of 2015 (CISA 2015), lapsed on January 15, leaving the nation's computer networks more exposed to cyber threats. The law, which promoted sharing of cyber threat information between private and public sectors, had provided legal protections for companies that might otherwise hesitate to share data.
Without CISA 2015, companies face increased complexity in sharing cyber threat information, according to Ari Schwartz, cybersecurity director at the law firm Venable. "There will just be many more lawyers involved, and it will all go slower, particularly new sharing agreements," Schwartz said in a statement last week.
CISA 2015 had shielded companies from antitrust liability, regulatory enforcement, private lawsuits, and Freedom of Information Act (FOIA) disclosures. The law's expiration has raised concerns among industry groups, which have written to Congress urging its renewal. A coalition of industry groups wrote in a letter that CISA 2015 "promotes cyber threat information sharing with industry and government partners within a secure policy and legal framework."
The lapse of the law comes at a time when cybersecurity threats are on the rise. In recent years, high-profile breaches have exposed sensitive data from major companies, including Equifax and Anthem. The expiration of CISA 2015 has left many wondering what this means for US stability in the face of growing cyber threats.
Some experts argue that the lapse is not a significant concern, as companies can still share information voluntarily. However, others believe that the law's protections were essential to encouraging sharing. "The loss of CISA 2015 will likely lead to a decrease in voluntary sharing, which was already limited," said one expert, who wished to remain anonymous.
As Congress returns from recess, lawmakers are expected to consider renewing or replacing CISA 2015. However, the fate of the law remains uncertain, and its expiration has left many wondering how long it will take for a new solution to be implemented.
In related news, cybersecurity experts have warned that the lapse could lead to increased costs for companies as they navigate more complex sharing agreements. "This is not just about security; it's also about compliance," said Schwartz. "Companies need to ensure they are meeting their regulatory obligations, and this will make it harder."
The expiration of CISA 2015 has left many in the cybersecurity community concerned about the potential consequences for US networks. As one expert noted, "This is a wake-up call for policymakers to recognize the importance of cybersecurity laws and regulations."
*Reporting by Engadget.*
Cybersecurity Law Expires, Leaving US Networks Exposed to Growing Threats
1
0
