Citizen Portal
Sign In

Witnesses urge swift reauthorization of CISA 2015 and reforms to public‑private information sharing

3576781 · May 20, 2025

Get AI-powered insights, summaries, and transcripts

Subscribe
AI-Generated Content: All content on this page was generated by AI to highlight key points from the meeting. For complete details and context, we recommend watching the full video. so we can fix them.

Summary

Witnesses at the House Homeland Security field hearing recommended reauthorizing the Cybersecurity Information Sharing Act of 2015 (CISA 2015), strengthening CISA's role in cross‑sector coordination and improving information sharing mechanisms such as the JCDC and pre‑ransomware notifications.

At a House Committee on Homeland Security field hearing at the Hoover Institution, witnesses and lawmakers emphasized the importance of preserving and improving public‑private information sharing to counter state and criminal cyber threats.

"Information sharing between the public and private sectors heavily relies upon this act, so it's imperative that Congress reauthorizes CISA 2015 before it expires later this year," Congressman Garberino said, urging quick legislative action. Several witnesses echoed that call and described programs that rely on trust and legal protections to share sensitive operational information.

Janette Manfra, who previously served as assistant director for cybersecurity at CISA and now leads global risk and compliance at Google Cloud, recommended regulatory harmonization and clear reciprocity among certification regimes to make information sharing and compliance more practical. She told the committee that harmonized baseline standards and reciprocity would reduce duplicative reviews and streamline cross‑sector coordination.

Witnesses described existing, operational information‑sharing efforts as proof of concept. Janette Manfra and former CISA officials noted the agency's pre‑ransomware notification initiative as an example: security researchers notify CISA of imminent attacks so the agency can warn affected owners and operators—a practice Manfra said has prevented thousands of incidents. Several witnesses and members asked for reforms to the Joint Cyber Defense Collaborative (JCDC) to make it more structured and to ensure information flows both ways between government and industry.

Panelists also emphasized legal protections as central to sharing. Cable and other witnesses asked Congress to preserve liability and other protections that encourage private entities and researchers to share timely threat intelligence with CISA and law enforcement. No formal reauthorization vote occurred at the hearing; members indicated they will press for legislative timelines to be met.