Key Takeaways
- The Cybersecurity Information Sharing Act of 2015 is set to expire for the second time, and Congress may need to pass another short-term extension due to disagreements on a long-term deal.
- There are three different views on how to approach the reauthorization of the law, with the Trump administration and some Senators wanting a clean 10-year reauthorization, while others want to make changes to the law.
- The House Homeland Security Committee is working on other issues, including deconflicting federal cybersecurity regulations, the cyber workforce, and responding to the Chinese hacking group Salt Typhoon.
- The committee is also exploring the use of artificial intelligence in cybersecurity and will hold a hearing on the topic.
- Rep. Andrew Garbarino, Chairman of the House Homeland Security Committee, expects changes to be made to cyber workforce legislation sponsored by his predecessor.
Introduction to the Cybersecurity Information Sharing Act
The Cybersecurity Information Sharing Act of 2015 is a foundational law that provides legal protections to companies to share cyber threat data with the federal government and other companies. With only a month left before the law expires for the second time, Congress is facing a deadline to reauthorize the law. However, negotiations on a longer deal are not yet bearing fruit, and a key lawmaker has suggested that another short-term extension may be necessary.
Disagreements on Reauthorization
The problem with a long-term extension of the law is that there are three different views on how to approach it. The Trump administration and some Senators want a clean 10-year reauthorization of the law, which was extended last month until January 30 as part of the legislation that ended the government shutdown. However, this approach may run into opposition in the House, with the Freedom Caucus having criticized the Cybersecurity and Infrastructure Security Agency that is integral to implementing the 2015 law. Senate Homeland Security and Governmental Affairs Committee Chairman Rand Paul has a version of the bill that focuses on language to defend free speech, while House Homeland Security Chairman Andrew Garbarino has a different approach to tweaking the law.
Impact of Disagreements on the Reauthorization Process
The disagreements on reauthorization have significant implications for the cybersecurity landscape. If the law is not reauthorized, companies may be less likely to share cyber threat data with the federal government, which could hinder the government’s ability to respond to cyber threats. Furthermore, the lack of a long-term reauthorization could create uncertainty for companies and hinder their ability to invest in cybersecurity measures. Garbarino said that he doesn’t know if he can get a clean reauthorization passed in the House, and that discussions with the Senate are not yet close enough to determine which bill will pass. This leaves another extension tied to any funding bill that replaces the legislation currently funding the government, which also runs through January 30.
Other Issues Being Addressed by the House Homeland Security Committee
In addition to the reauthorization of the Cybersecurity Information Sharing Act, the House Homeland Security Committee is working on other issues related to cybersecurity. These include deconflicting federal cybersecurity regulations, the cyber workforce, and responding to the Chinese hacking group Salt Typhoon. The committee has been probing the government’s response to Salt Typhoon and recently sent another set of questions after not getting satisfactory answers the first time. Garbarino said that the committee is working closely with the China Select Committee to determine what legislative action can be taken in response to the breach.
The Role of Artificial Intelligence in Cybersecurity
The committee is also exploring the use of artificial intelligence in cybersecurity and will hold a hearing on the topic. Garbarino said that with the way adversaries are using AI, human intervention alone will not be enough to defend against cyber threats, and that AI will have to be part of the cyber defense. This is a critical issue, as the use of AI in cybersecurity has the potential to significantly improve the ability of companies and governments to respond to cyber threats. However, it also raises important questions about the potential risks and challenges associated with the use of AI in cybersecurity, such as the potential for AI systems to be used for malicious purposes.
Cyber Workforce Legislation
Rep. Sheri Biggs has picked up the baton on cyber workforce legislation sponsored by Garbarino’s predecessor as chairman, and Garbarino expects there to be some changes to the bill. The cyber workforce is a critical issue, as the demand for cybersecurity professionals is high, and the supply of skilled workers is limited. The legislation aims to address this issue by providing support for cybersecurity education and training programs, as well as incentives for companies to hire and retain cybersecurity professionals.
Conclusion
In conclusion, the reauthorization of the Cybersecurity Information Sharing Act of 2015 is a critical issue that requires urgent attention from Congress. The disagreements on reauthorization have significant implications for the cybersecurity landscape, and the lack of a long-term reauthorization could create uncertainty for companies and hinder their ability to invest in cybersecurity measures. The House Homeland Security Committee is working on other issues related to cybersecurity, including deconflicting federal cybersecurity regulations, the cyber workforce, and responding to the Chinese hacking group Salt Typhoon. The committee is also exploring the use of artificial intelligence in cybersecurity, which has the potential to significantly improve the ability of companies and governments to respond to cyber threats. Ultimately, the reauthorization of the Cybersecurity Information Sharing Act of 2015 is a critical step towards improving the cybersecurity posture of the United States, and Congress must work together to find a solution that addresses the concerns of all stakeholders.
