WASHINGTON, DC — U.S. Senators Gary Peters (D-MI), Ranking Member of the Homeland Security and Governmental Affairs Committee and Mike Rounds (R-SD), introduced a bipartisan bill to extend provisions that encourage businesses to share information about ongoing cybersecurity threats with the federal government to strengthen our nation’s cybersecurity defenses. The bill, which will extend provisions that were originally signed into law through the Cybersecurity Information Sharing Act of 2015, incentivizes companies to voluntarily share cybersecurity threat indicators, such as software vulnerabilities, malware, or malicious IP addresses, with the Department of Homeland Security (DHS) to protect Americans’ personal information and ensure that both the federal government and companies can take collaborative steps to prevent data breaches or attacks from cybercriminals and foreign adversaries. Peters and Rounds’ Cybersecurity Information Sharing Extension Act would extend these critical protections for an additional ten years.
“As cybersecurity threats grow increasingly sophisticated, information sharing is not just valuable—it remains essential for our national security,” said Senator Peters. “For the past ten years, these critical protections have helped to address rapidly evolving cybersecurity threats, and this bipartisan bill will renew them so we can continue this collaborative partnership between the private sector and government to bolster our nation’s cybersecurity defenses against a wide range of adversaries.”
“The Cybersecurity Information Sharing Act of 2015 has been instrumental in strengthening our nation’s cyber defenses by enabling critical information sharing between the private sector and government,” said Senator Rounds. “Allowing this legislation to lapse would significantly weaken our cybersecurity ecosystem, removing vital liability protections and hampering defensive operations across both the defense industrial base and critical infrastructure sectors.”
Since it was first enacted ten years ago, the Cybersecurity Information Sharing Act of 2015 has been instrumental in fostering collaboration between industry leaders and federal agencies, enabling the identification and mitigation of cybersecurity threats. Protection from legal or regulatory punishment in the legislation has encouraged private sector organizations to voluntarily share information about cybersecurity threats, providing valuable insights into malicious cyber activities and strengthening our nation’s ability to respond to cyberattacks. Information sharing about security flaws also helps prevent significant breaches and helps CISA support victims of attacks as they recover. The legislation also established comprehensive privacy protection to prevent individuals’ personally identifiable information (PII) from being included in threat information reports.
In recent years, these information sharing protections have been used to help address the SolarWinds cyberattack, operations like Volt Typhoon and Salt Typhoon, and to alert federal agencies to ongoing attacks from Russia, China, Iran, North Korea, and other attackers. This threat information is also often shared widely with state and local governments, and critical infrastructure sectors through the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Joint Cyber Defense Collaborative and various Information Sharing and Analysis Centers, or ISACs – ensuring communities across throughout the nation and businesses across a range of industries are informed of ongoing cybersecurity threats.
In his role on the Homeland Security and Governmental Affairs Committee, Peters has led efforts to ensure our nation is better prepared to defend against cyberattacks. His historic, bipartisan provision to require critical infrastructure owners and operators to report to CISA if they experience a substantial cyberattack or if they make a ransomware payment was signed into law. Peters’ bipartisan bills to enhance cybersecurity assistance to K-12 educational institutions, bolster cybersecurity for state and local governments, strengthen the federal cybersecurity workforce, and help secure federal information technology supply chains have also been signed into law.
###