Policy and Legal

A critical law that safeguards Americans from cybersecurity threats is due to expire on Sept. 30—and Congress must reauthorize it before that happens, the NAM told Congress this week.

What’s going on: “The Cybersecurity Information Sharing Act of 2015 (CISA 2015) has been instrumental over the past decade in protecting Americans from cybersecurity threats by supporting companies’ efforts to share cybersecurity information with one another and with the federal government,” NAM Managing Vice President of Policy Charles Crain told the House Committee on Homeland Security and the Senate Committee on Homeland Security and Governmental Affairs on Monday.

• Through their relationships with customers, vendors, suppliers and governments, manufacturers are entrusted with vast amounts of sensitive data and intellectual property. With its information-sharing requirements, CISA 2015 has been instrumental in helping them keep that information safe.
• Prior to the law’s enactment, many businesses were reluctant to share cyberthreat information due to liability and public disclosure concerns.

How it works: “By enabling the rapid dissemination of security intelligence, information sharing diminishes the ability of malicious actors to gain economies of scale as they seek to replicate attacks against multiple targets,” the NAM continued.

• “It also allows government agencies and private sector Information Sharing and Analysis Centers to develop a comprehensive and authoritative view of patterns and trends across industries and geographies, and thus to promote effective systemic responses.”
• It also helps create trust between cybersecurity personnel across various organizations.

What Congress should do: “With less than four months before the expiration of CISA 2015, manufacturers call on Congress to make its reauthorization a priority,” the NAM urged.