Two senators have introduced a bipartisan bill to extend provisions originally in the Cybersecurity Information Sharing Act of 2015. The senators, Senators Gary Peters (D-MI), Ranking Member of the Homeland Security and Governmental Affairs Committee, and Mike Rounds (R-SD), who Serves as Chairman of Senate Armed Services Committee (SASC) Subcommittee on Cybersecurity, want to extend the law by 10 years. 

The Cybersecurity Information Sharing Act of 2015 provides legal protections for sharing threat information, allowing information sharing via several avenues. The current law is set to expire in September. 

Below, security leaders share their thoughts on extending this bill. 

Security leaders weigh in 

April Lenhard, Principal Product Manager at Qualys:

Reauthorizing the Cybersecurity Information Sharing Act (CISA) isn’t just a bureaucratic box-check — it’s about keeping the digital lines of communication open between the private sector and government. CISA has been instrumental in streamlining information flows that strengthen national cybersecurity defenses. Renewing CISA for another decade will preserve the continuity of critical threat intelligence exchanges within the private sector and between private entities and the federal government. CISA’s bipartisan support underscores how a voluntary and collaborative information sharing framework remains a robust tool for collectively defending against evolving cyber threats. Recent developments — such as the near-expiration of MITRE’s CVE program — highlight the complex interdependence between public and private sectors in both network defense and intelligence contribution: the entire threat intelligence ecosystem feels the ripple.

Casey Ellis, Founder at Bugcrowd:

Cybersecurity is a team sport, and the truth of this idea is only becoming more obvious in a progressively more hostile global environment. The Cybersecurity Information Sharing Act provides a safe framework for information sharing, and underpins both public/private partnership sharing and the “in community” sharing that powers United States-based ISACs. I’m very glad to see Senator Rounds and Senator Peters moving this along.

Chad Cragle, CISO at Deepwatch:

From a defender’s standpoint, the Cybersecurity Information Sharing Act has been one of the few legislative tools that truly moved the needle. It gave the industry the legal clarity to share threat intel quickly, directly and without second-guessing the lawyers. Programs like JCDC have only amplified that value, allowing us to work shoulder-to-shoulder with the government in an operational, rather than just performative, way. If the law is allowed to lapse, it reintroduces hesitation at the wrong time. Threat actors aren’t slowing down — and we can’t afford to either.

At the same time, a renewal shouldn’t simply be a rubber stamp. The threat landscape has evolved significantly over the past decade, as have the risks associated with data handling and cross-sector coordination. This is an opportunity to fine-tune the law, preserving its core strength while ensuring it reflects today’s privacy expectations, supply chain realities, and operational complexity. Getting this right means building on what works while adapting to what has changed.