The House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection opened a hearing warning that the Cybersecurity Information Sharing Act of 2015 (CISA 2015) must be reauthorized before it expires in September to avoid an immediate and damaging chill on threat information sharing.

The law “provided the legal framework to facilitate cyber information sharing between the federal government and the private sector,” Representative Swalwell said in his opening statement, adding, “We must move quickly to reauthorize CISA 2015 before it expires in September.” Witnesses from industry and security organizations echoed that urgency.

Why it matters: CISA 2015 created a voluntary, liability‑protected channel for sharing cyber threat indicators and defensive measures, and many witnesses told the subcommittee those protections enabled automated, high‑volume exchange that did not exist at scale before the law. John Miller, senior vice president for trust, data and technology at the Information Technology Industry Council, warned lawmakers that “we cannot allow the perfect to be the enemy of the good” and urged prompt reauthorization rather than risking a lapse. Carl Schimek, chief information security officer at Northern Trust speaking for financial services interests, said, “If the act lapses, our nation will be more vulnerable to cyberattacks the very next day.”

Most important facts: Testimony and questioning stressed three linked points. First, CISA’s statutory liability and privacy provisions are the principal incentives for companies to share threat data broadly and quickly. Second, congressional and administrative oversight should ensure CISA (the agency) and its programs can process, analyze and return useful information to the private sector. Third, witnesses recommended narrowly targeted updates rather than wholesale rewrites that could delay reauthorization.

Supporting details included examples used by witnesses: the law has enabled the Department of Homeland Security’s automated indicator sharing and other channels; one panelist cited a “major organization” that shared 84 formal reports this year, not counting informal daily exchanges. Multiple witnesses and members said reauthorization should be approached so that protections remain in place and future technical or policy improvements can be made through subsequent hearings or legislation.

Subcommittee direction and next steps: Members indicated a preference for prompt, “clean” reauthorization to avoid a gap and said additional hearings or draft language could follow to consider improvements. The record will remain open for members’ statements and written questions, and witnesses were asked to provide follow‑up information to the committee.

Ending: Lawmakers and witnesses uniformly framed reauthorization as an immediate priority; the subcommittee is collecting testimony and written input that members said can guide any later, targeted statutory changes.