[{"_1":2,"_98":-5,"_99":-5},"loaderData",{"_3":4,"_26":27},"root",{"_5":6,"_17":10,"_18":19,"_20":21,"_22":10,"_23":-5,"_24":-5,"_25":10},"user",{"_7":8,"_9":10,"_11":10,"_12":-5,"_13":-5,"_14":15,"_16":-5},"roles",[],"isAuthenticated",false,"isPremium","planName","subscriptionStatus","featureFlags",{},"insightsBudget","isDevelopmentHost","userPreferences",{},"recaptchaSiteKey","6LcvOJcUAAAAAHsB-gPGfGktcRlKpH7OTIU_dMTD","isImpersonating","impersonation","affiliateStatus","isFreedomPortal","routes/v2/article/layout",{"_28":29,"_30":31},"notFound",true,"relatedArticles",[32,75,86],{"_33":34,"_35":36,"_37":38,"_39":40,"_41":42,"_43":44,"_45":46,"_47":48,"_49":50,"_51":52,"_53":54,"_55":56,"_57":58,"_59":60,"_61":62,"_63":64,"_65":66,"_67":68,"_69":70,"_71":72,"_73":72,"_74":72},"mediaId",6236680,"mediaKeyId","3355652-da09b63482fb80c5a617ce96f5f5cf8e","parentId",3355652,"title","Members, witnesses warn CISA staffing and advisory‑body losses weaken information‑sharing backbone","audioSeconds",334,"startMs",2745000,"endMs",2411000,"viewUrl","/Search/View?dp=1&key=3355652-da09b63482fb80c5a617ce96f5f5cf8e&start=2745&end=2411","thumbnailUrl","https://assets.pipeline.soar.com/3355652-da09b63482fb80c5a617ce96f5f5cf8e/thumbnail_2745000.jpg","articleUrl","/articles/6236680/Members-witnesses-warn-CISA-staffing-and-advisorybody-losses-weaken-informationsharing-backbone","mediaUrl","https://secure.pipeline.soar.com/6236680-699f7be4127a21865f3a555a2c6942e9/orig.mp4?Expires=1771189214&Signature=kZJa7HV4~tx5f9O~n6H-6ZYylkaWLQ~qW-DfQpbFQk3T~yqkWjtbpFDsKUv3kkqAxjiMqGPHUrBqjEbMIZ1mWQQSic-AmVJXCiQhZmlCp6eQHn-nm5VU47NccAc9m6fWtHXo54asaO4tUUrCq~xmBZDhQkbNXTwCb3NwXrF-Z5w-WpzueP2nfdSyOwJrSUmCoMvudRZoJ801v6GPgoUQLBTkLcOaO3a6Ez6C90zMuKoVYzIWOQg~eZLj0bZLoagPEOCnvNBKeE5Fm4dS8nhS36OYjaV9w00AKXymOX-v2XN19o1imZDizdrPBbF~V6mVgX6CLjHXYB4L7GEPhRF5vQ__&Key-Pair-Id=KUT5TJCACFTXG","author","U.S. House Committee on Homeland Security","date","2025-05-16T07:29:02Z","article","Lawmakers and witnesses at a House Homeland Security Subcommittee hearing said reauthorizing the Cybersecurity Information Sharing Act of 2015 should be matched with sufficient resources and restored advisory forums to ensure the statute produces usable, timely threat intelligence.

Representative Magaziner told the panel that the Cybersecurity and Infrastructure Security Agency (CISA) “makes our country safer” but warned that planned budget cuts would undercut that mission: he said the administration’s fiscal 2026 proposal would cut “nearly half a billion dollars from CISA’s budget” and that reports showed plans to cut “over a thousand jobs.”

Witnesses said those staffing and funding concerns compound the effect of lost forums. Catherine Keane, CISO in residence at the National Technology Security Coalition, testified that the termination of the Critical Infrastructure Partnership Advisory Council (CPAC), the disbanding of the Cyber Safety Review Board and recent changes to the Cybersecurity Advisory Committee “have undermined public‑private cooperation in cybersecurity.” Keane and other panelists praised the Joint Cyber Defense Collaborative (JCDC) as a useful operational channel; Keane said JCDC “allows for rapid distribution when threat happens between industry and government.”

Why it matters: Committee members and witnesses described a chain: statutory protections under CISA 2015 enable private‑public sharing, but the value of shared indicators depends on CISA’s ability to receive, analyze and return actionable information and on advisory bodies that translate operational lessons across sectors. Several witnesses said without adequate staffing and functioning advisory mechanisms, information would be slower to reach smaller companies and local infrastructure operators that lack in‑house cybersecurity capacity.

Details and examples: Representative Magaziner and witnesses gave examples of harms to small and medium enterprises, such as an anecdote offered by a witness about a small concrete distributor that closed after a ransomware incident because the company lacked resources to recover. Witnesses urged Congress to codify or reestablish collaborative functions (for example, reviving CPAC or codifying a CPAC‑like advisory role) and to ensure CISA has the workforce and funding to run automated processes like Automated Indicator Sharing (AIS) and the Joint Cyber Defense Collaborative.

Subcommittee implications: Members signaled intent to press the administration and CISA on workforce and budgeting decisions while proceeding with reauthorization. Several said a clean reauthorization should not preclude parallel oversight to restore advisory councils and to confirm CISA has the staff and systems to operationalize information sharing.

Ending: Lawmakers and witnesses emphasized that statutory protections alone are insufficient: staffing, funding, and functioning advisory bodies are needed to make threat information timely and actionable for small and large organizations alike.","mediaType","Video","parentTitle","Reauthorizing Cybersecurity Information Sharing Activities that Underpin U.S. National Cyber Defense","oneSentenceSummary","Lawmakers and witnesses at a House Homeland Security Subcommittee hearing said reauthorizing the Cybersecurity Information Sharing Act of 2015 should be matched with sufficient resources and restored advisory forums to ensure the statute produces usable, timely threat intelligence.","taxTitle","Homeland Security: House Committee, Standing Committees - House & Senate, Congressional Hearings Compilation, Legislative, Federal","taxId",1831,"location","","headline","shortSummary",{"_33":76,"_35":36,"_37":38,"_39":77,"_41":78,"_43":79,"_45":79,"_47":80,"_49":81,"_51":82,"_53":83,"_55":56,"_57":58,"_59":84,"_61":62,"_63":64,"_65":85,"_67":68,"_69":70,"_71":72,"_73":72,"_74":72},6236685,"Bipartisan push to reauthorize CISA 2015, witnesses warn of immediate harm if law lapses",0,522000,"/Search/View?dp=1&key=3355652-da09b63482fb80c5a617ce96f5f5cf8e&start=522&end=522","https://assets.pipeline.soar.com/3355652-da09b63482fb80c5a617ce96f5f5cf8e/thumbnail_522000.jpg","/articles/6236685/Bipartisan-push-to-reauthorize-CISA-2015-witnesses-warn-of-immediate-harm-if-law-lapses","https://secure.pipeline.soar.com/6236685-b20761be7cabad2511ccf415de5dde38/orig.mp4?Expires=1771189214&Signature=k9XUGllKGqH8Uz9XP1hiLsUzpdY~W6Mdo3P90BXvditIgAYD1QvhdmEPK0XEjNzPTx1ZQpdTS4lsyGws2vrnzqe0SH9gasYUZk5Qy0GJisPD46sAnk6Dt~F8Exu293hAcS5gi3-Cw5g7WaI3vpNHEBFashDEjwu3HlHrFjFZGeqxDVhIE8-zsEpFIfF1F5cJw0wEvdRy4ChXuFEBcCk0FBcU7GuV0H3zZb~ojLGowPXU5tKfQ4bidPMx9JYZiSkxL6ciVmuHbNlrDpmIITCyextmFQK-AGDQKsfx3krIQfDfkkd7ZiTejh07Q43f6Fh0V1IvPglbuK6j5X9Af6xh2g__&Key-Pair-Id=KUT5TJCACFTXG","The House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection opened a hearing warning that the Cybersecurity Information Sharing Act of 2015 (CISA 2015) must be reauthorized before it expires in September to avoid an immediate and damaging chill on threat information sharing.

The law “provided the legal framework to facilitate cyber information sharing between the federal government and the private sector,” Representative Swalwell said in his opening statement, adding, “We must move quickly to reauthorize CISA 2015 before it expires in September.” Witnesses from industry and security organizations echoed that urgency.

Why it matters: CISA 2015 created a voluntary, liability‑protected channel for sharing cyber threat indicators and defensive measures, and many witnesses told the subcommittee those protections enabled automated, high‑volume exchange that did not exist at scale before the law. John Miller, senior vice president for trust, data and technology at the Information Technology Industry Council, warned lawmakers that “we cannot allow the perfect to be the enemy of the good” and urged prompt reauthorization rather than risking a lapse. Carl Schimek, chief information security officer at Northern Trust speaking for financial services interests, said, “If the act lapses, our nation will be more vulnerable to cyberattacks the very next day.”

Most important facts: Testimony and questioning stressed three linked points. First, CISA’s statutory liability and privacy provisions are the principal incentives for companies to share threat data broadly and quickly. Second, congressional and administrative oversight should ensure CISA (the agency) and its programs can process, analyze and return useful information to the private sector. Third, witnesses recommended narrowly targeted updates rather than wholesale rewrites that could delay reauthorization.

Supporting details included examples used by witnesses: the law has enabled the Department of Homeland Security’s automated indicator sharing and other channels; one panelist cited a “major organization” that shared 84 formal reports this year, not counting informal daily exchanges. Multiple witnesses and members said reauthorization should be approached so that protections remain in place and future technical or policy improvements can be made through subsequent hearings or legislation.

Subcommittee direction and next steps: Members indicated a preference for prompt, “clean” reauthorization to avoid a gap and said additional hearings or draft language could follow to consider improvements. The record will remain open for members’ statements and written questions, and witnesses were asked to provide follow‑up information to the committee.

Ending: Lawmakers and witnesses uniformly framed reauthorization as an immediate priority; the subcommittee is collecting testimony and written input that members said can guide any later, targeted statutory changes.","Members of the House Homeland Security Subcommittee and cybersecurity witnesses urged quick reauthorization of the Cybersecurity Information Sharing Act of 2015 (CISA 2015), saying the law’s liability and privacy protections underpin large-scale sharing and that letting it lapse would chill information exchange and weaken defenses.",{"_33":87,"_35":36,"_37":38,"_39":88,"_41":89,"_43":90,"_45":91,"_47":92,"_49":93,"_51":94,"_53":95,"_55":56,"_57":58,"_59":96,"_61":62,"_63":64,"_65":97,"_67":68,"_69":70,"_71":72,"_73":72,"_74":72},6236674,"Panel urges narrow technical updates to CISA 2015 for supply‑chain, AI and indicator sharing",1909,1468000,3377000,"/Search/View?dp=1&key=3355652-da09b63482fb80c5a617ce96f5f5cf8e&start=1468&end=3377","https://assets.pipeline.soar.com/3355652-da09b63482fb80c5a617ce96f5f5cf8e/thumbnail_1468000.jpg","/articles/6236674/Panel-urges-narrow-technical-updates-to-CISA-2015-for-supplychain-AI-and-indicator-sharing","https://secure.pipeline.soar.com/6236674-baa2cc8445f953fd707dd305b9691ce1/orig.mp4?Expires=1771189214&Signature=C9yn8Lj~Im5Byujqoi0x3aPVBQTQ5Y3DufNPtJ02HI6vOY4vQCmy6wqocv2IQDAoDBCLbQh8oAirznJaiKRgcMUQvQzDuhf3Cbu-8apG5o6YcT1PYEY4YOaJM9hUkLzAMw7aUJfi7ZJ2TLUW8kc5acybm-xgvYCTrTHcs30HyO0JEW-4TDIBe~rLK2~jgM43Ne~ugOBI4oW5zJBBZlrVpwgndMEszlSHFTK8fz6uTPc0TR7lJ8qHtGuR438q~Y3hWJLdDLYQv2K3NlBwm3Mi5gL9d7pDslHXi0oq7QITdi1SBvPK2zzogGGu5e3duihvNDxnJjIB0Dw6-9YuRPXaWA__&Key-Pair-Id=KUT5TJCACFTXG","Industry witnesses told a House Homeland Security Subcommittee that CISA 2015 should be reauthorized quickly but amended later with narrowly tailored changes to reflect software supply‑chain risks, artificial intelligence‑driven threats, and modernization of sharing systems.

John Miller of the Information Technology Industry Council recommended a focused rubric: assess whether existing statutory definitions—such as “cyber threat indicator”—adequately capture today’s threats, including software supply‑chain signals. He suggested considering additions that would allow companies to share information about suspect suppliers and software‑supply incidents under the statute’s liability protections.

On artificial intelligence, witnesses described both opportunity and risk. Miller said artificial intelligence “can be used both, as a sword and a shield,” echoing committee discussion that defenders and adversaries alike are adopting AI capabilities. Carl Schimek and others urged investment in automated and AI‑enabled defensive tools and recommended exploring how to modernize Automated Indicator Sharing (AIS), which was designed a decade ago and now faces new data types and higher volumes.

Why it matters: Testimony emphasized the need to preserve the law’s protective framework while ensuring statutory definitions and federal programs keep pace with novel threats—ransomware, operational technology intrusions, software‑supply‑chain attacks and AI‑driven campaigns. Panelists recommended updates that would expand the law’s coverage in narrowly defined ways (for example, to allow sharing of supply‑chain indicators) and to invest in modernized platforms for rapid, machine‑readable exchange.

Committee considerations: Several members and witnesses urged a two‑step approach: (1) clean reauthorization to avoid a statutory gap, then (2) prompt committee work to draft and consider targeted amendments (definitions, AIS modernization, and codification or functional replacement of advisory councils). Witnesses offered to provide technical suggestions to staff.

Ending: The subcommittee collected technical recommendations and asked witnesses to submit more precise language for possible floor or committee consideration—moving the debate from whether to reauthorize toward how to calibrate limited, technical updates after renewal.","Witnesses recommended targeted, surgical changes to CISA 2015—updating definitions to cover software supply‑chain signals, modernizing automated indicator sharing (AIS), and accounting for AI‑era threats—while cautioning that wholesale rewrites could delay reauthorization.","actionData","errors"]

Article not found

Members, witnesses warn CISA staffing and advisory‑body losses weaken information‑sharing backbone

Bipartisan push to reauthorize CISA 2015, witnesses warn of immediate harm if law lapses

Panel urges narrow technical updates to CISA 2015 for supply‑chain, AI and indicator sharing