TO THE MEMBERS OF THE U.S. CONGRESS:
The Protecting America’s Cyber Networks Coalition (the Coalition) urges Congress to reauthorize the Cybersecurity Information Sharing Act of 2015 (CISA 2015) before it expires on September 30, 2025.
Reauthorizing CISA 2015 is a top policy priority for the Coalition, a partnership of leading business associations representing nearly every sector of the U.S. economy. If CISA 2015 lapses, the U.S. will encounter a more complex and dangerous security environment. A variety of foreign cybercriminals are targeting our advanced commercial capabilities, critical infrastructure, and economic well-being through various tactics, such as phishing and ransomware.[1] Malicious hackers target both large national corporations and local branches, offices, and warehouses. Their attacks impact individual businesses, people, and their surrounding communities.
Sharing information about cyber threats and incidents complicates attackers’ operations because defenders learn what to monitor and prioritize. Consequently, attackers are forced to invest more in new tools or target different victims. CISA 2015 helps defenders improve their security measures while raising costs for attackers.
Congress passed CISA 2015 with bipartisan support from both parties and the administration.[2] This important cybersecurity law enables private entities to increase their protection of data, devices, and computer systems while promoting the sharing of cyber threat information with industry and government partners within a secure policy and legal framework. CISA 2015 also provides protections for businesses related to public disclosure, regulatory issues, and antitrust matters to promote the timely exchange of information between public and private entities. Industry and government have a strong record of safeguarding privacy and civil liberties under this legislation.[3]
CISA 2015 is a cornerstone of American cybersecurity. It enhances businesses’ ability to respond swiftly to today’s cyber threats, including tackling cybersecurity issues and addressing them at scale. Lawmakers must send the CISA 2015 reauthorization legislation to the president to continue ensuring that businesses have legal certainty and protection against frivolous lawsuits when voluntarily sharing and receiving threat indicators and taking steps to mitigate cyberattacks.
Since the implementation of CISA 2015, collaboration in cybersecurity has improved significantly in several ways, including encouraging the development and/or the expansion of information sharing and analysis centers, or ISACs, across multiple sectors. These centers serve as hubs for sharing cybersecurity information within specific industries, thereby boosting sector-specific threat detection and response capabilities.
Cyber incidents underscore the need for legislation that helps businesses augment their understanding of cybersecurity threats and strengthen their protection and response capabilities in collaboration with government entities.[4] It is encouraging that leading members of the House and Senate Homeland Security and Intelligence committees advocated for the renewal of CISA 2015.[5]
The Coalition is dedicated to collaborating with the Trump administration and lawmakers to swiftly reauthorize CISA, thus enhancing national security and bolstering the resilience and protection of the U.S. business community.[6] Congressional action is urgently needed.
Sincerely,
ACT | The App Association
Airlines for America (A4A)
Alliance for Automotive Innovation
Alliance for Chemical Distribution (ACD)
American Chemistry Council (ACC)
American Council of Life Insurers (ACLI)
American Fuel & Petrochemical Manufacturers (AFPM)
American Gaming Association
American Gas Association (AGA)
American Institute of CPAs
American Petroleum Institute (API)
American Property Casualty Insurance Association (APCIA)
American Public Power Association (APPA)
American Short Line and Regional Railroad Association (ASLRRA)
American Water Works Association (AWWA)
ASIS International
Association of American Railroads (AAR)
Association of Metropolitan Water Agencies (AMWA)
Business Software Alliance (BSA)
College of Healthcare Information Management Executives (CHIME)
Connected Health Initiative (CHI)
CTIA
CyberAcuView
The Cybersecurity Coalition
Edison Electric Institute (EEI)
Electric Power Supply Association (EPSA)
The Fertilizer Institute (TFI)
The Financial Services Information Sharing and Analysis Center (FS-ISAC)
The GridWise Alliance
Healthcare Information and Management Systems Society (HIMSS)
Healthcare Leadership Council (HLC)
Health-ISAC
Internet Security Alliance (ISA)
Interstate Natural Gas Association of America (INGAA)
Large Public Power Council (LPPC)
National Association of Water Companies (NAWC)
National Defense Industrial Association (NDIA)
National Electrical Manufacturers Association (NEMA)
National Propane Gas Association (NPGA)
National Retail Federation (NRF)
NCTA—The Internet & Television Association
NTCA—The Rural Broadband Association
Open RAN Policy Coalition
Plumbing Manufacturers International (PMI)
Reinsurance Association of America (RAA)
Security Industry Association (SIA)
The Software & Information Industry Association (SIIA)
The Sulphur Institute
TIC Council
U.S. Chamber of Commerce
USTelecom—The Broadband Association
Utilities Technology Council (UTC)
[1] Annual Threat Assessment of the U.S. Intelligence Community, Office of the Director of National Intelligence, March 18, 2025.
https://www.dni.gov/files/ODNI/documents/assessments/ATA-2025-Unclassified-Report.pdf
[2] Consolidated Appropriations Act, 2016 (P.L. 114-113), December 18, 2015 (see division N, title I).
https://www.congress.gov/114/statute/STATUTE-129/STATUTE-129-Pg2242.pdf
[3] “Recent Inspector General reviews have not found that [personally identifiable information] has been shared in violation of the act.” Congressional Research Service, The Cybersecurity Information Sharing Act of 2015: Expiring Provisions, April 8, 2025.
https://www.congress.gov/crs-product/IF12959
[4] Cybersecurity: Selected Cyberattacks, 2012–2024, Congressional Research Service, January 8, 2025.
https://www.congress.gov/crs-product/R46974
[5] “A major cybersecurity law is expiring soon—and advocates are prepping to push Congress for renewal,” CyberScoop, February 26, 2025.
https://cyberscoop.com/cybersecurity-information-sharing-law-expiring-congress-renewal
[6] In April 2025, Secretary of Homeland Security Kristi Noem called for CISA 2015 to be reauthorized. “Homeland Security Secretary Noem urges partnerships to guide future of CISA, backs secure by design” Inside Cybersecurity, April 29, 2025.
