Overview
- Congress let the 2015 Cybersecurity Information Sharing Act lapse on Oct. 1 during a shutdown fight, after reauthorization efforts stalled in the Senate despite earlier bipartisan moves in the House.
- The law’s expiration strips key shields including liability, antitrust and FOIA-related protections, and experts say companies are likely to slow or curtail voluntary sharing as decisions shift to legal counsel.
- CISA confirmed its cooperative agreement with the Center for Internet Security ended Sept. 30, and CIS is transitioning the MS‑ISAC to paid membership after temporarily subsidizing services at more than $1 million per month.
- CISA says it will continue to support SLTT governments with grants, free tools and collaboration on joint products while MS‑ISAC shifts models, though CIS has warned of potential service disruptions during the transition.
- A DHS inspector general report found CISA lacks a finalized contingency plan for the Automated Indicator Sharing program even as it handled 10 million indicators in 2024, with operations dependent on limited contributors and on resources and leadership priorities.