Why Reauthorizing CISA 2015 Is Important to U.S. Critical Infrastructure Security

Lee Kim JD CISSP CIPP/US, Director, InfraGard Northern Capital Region

The Cybersecurity Information Sharing Act of 2015 (CISA 2015) has been a cornerstone of national cybersecurity policy – enabling timely, voluntary, and protected sharing of cyber threat intelligence between the private sector and government. With its expiration date approaching on September 30, 2025, more than 50 industry associations across critical infrastructure sectors are urging Congress to reauthorize this vital law.

Across critical infrastructure sectors such as finance, energy, manufacturing, healthcare, and other sectors, CISA 2015 has helped organizations improve their security posture, reduce risk, and respond more effectively to cyber threats. The law not only fosters trusted information exchange, but also provides legal clarity and liability protections to encourage participation.

Section 405 of the Cybersecurity Information Sharing Act of 2015 specifically addresses cybersecurity in the healthcare sector, calling for a voluntary, consensus-based, industry-led approach to developing cybersecurity best practices. This provision laid the foundation for collaborative efforts that continue to guide healthcare organizations today.

CISA 2015 has proven its value across sectors. Its reauthorization is essential to maintaining our collective defense against evolving cyber threats.

Further Reading

• Coalition letter supporting reauthorization of CISA 2015
• Cybersecurity Information Sharing Act of 2015 (PDF)
• House Homeland Security hearing on reauthorization