Overview

• Congress allowed the Cybersecurity Information Sharing Act of 2015 to expire at the start of the fiscal year, ending liability and antitrust protections for exchanging cyber threat data.
• Financial-sector leaders warn sharing could slow or pause as legal reviews intensify, though FS-ISAC says it does not expect its members’ cooperation to be affected.
• Banks and technology vendors must reassess how they circulate indicators that may include personal data, with advisers urging updates to monitoring notices and internal policies.
• CISA’s Automated Indicator Sharing program lacked finalized contingency plans prior to the sunset, putting machine-readable threat feeds at risk, according to a DHS inspector general report.
• Reauthorization efforts stalled after Sen. Rand Paul objected to a clean extension, even as Sens. Gary Peters, Susan Collins and Mike Rounds backed a long-term renewal.