Stakeholder Letter to Congress in Support of CISA 2015 Reauthorization

Download PDF

May 13, 2025

TO THE MEMBERS OF THE U.S. CONGRESS:

The Protecting America’s Cyber Networks Coalition (the Coalition) urges Congress to reauthorize the Cybersecurity Information Sharing Act of 2015 (CISA 2015) before it expires on September 30, 2025.

Reauthorizing CISA 2015 is a top policy priority for the Coalition, a partnership of leading business associations representing nearly every sector of the U.S. economy. If CISA 2015 lapses, the U.S. will encounter a more complex and dangerous security environment. A variety of foreign cybercriminals are targeting our advanced commercial capabilities, critical infrastructure, and economic well-being through various tactics, such as phishing and ransomware. Malicious hackers target both large national corporations and local branches, offices, and warehouses. Their attacks impact individual businesses, people, and their surrounding communities.

Sharing information about cyber threats and incidents complicates attackers’ operations because defenders learn what to monitor and prioritize. Consequently, attackers are forced to invest more in new tools or target different victims. CISA 2015 helps defenders improve their security measures while raising costs for attackers.

Congress passed CISA 2015 with bipartisan support from both parties and the administration. This important cybersecurity law enables private entities to increase their protection of data, devices, and computer systems while promoting the sharing of cyber threat information with industry and government partners within a secure policy and legal framework. CISA 2015 also provides protections for businesses related to public disclosure, regulatory issues, and antitrust matters to promote the timely exchange of information between public and private entities. Industry and government have a strong record of safeguarding privacy and civil liberties under this legislation.

CISA 2015 is a cornerstone of American cybersecurity. It enhances businesses’ ability to respond swiftly to today’s cyber threats, including tackling cybersecurity issues and addressing them at scale. Lawmakers must send the CISA 2015 reauthorization legislation to the president to continue ensuring that businesses have legal certainty and protection against frivolous lawsuits when voluntarily sharing and receiving threat indicators and taking steps to mitigate cyberattacks.

Since the implementation of CISA 2015, collaboration in cybersecurity has improved significantly in several ways, including encouraging the development and/or the expansion of information sharing and analysis centers, or ISACs, across multiple sectors. These centers serve as hubs for sharing cybersecurity information within specific industries, thereby boosting sector specific threat detection and response capabilities.

Cyber incidents underscore the need for legislation that helps businesses augment their understanding of cybersecurity threats and strengthen their protection and response capabilities in collaboration with government entities. It is encouraging that leading members of the House and Senate Homeland Security and Intelligence committees advocated for the renewal of CISA 2015.

The Coalition is dedicated to collaborating with the Trump administration and lawmakers to swiftly reauthorize CISA, thus enhancing national security and bolstering the resilience and protection of the U.S. business community. Congressional action is urgently needed.

Please see the attached PDF for full list of organizational signatories.