By Shreya Johar, Cyber Security and Quantum Policy Research Fellow at Gen-Z Emerging Technology Action (ZETA)

In a world where our daily lives and national security increasingly depend on digital systems, the need to protect our data has never been more urgent. Our digital infrastructure is the backbone of public safety, economic strength, and government operations, making cybersecurity vital to nearly every aspect of our modern lives. Yet, the federal framework responsible for ensuring this defense is facing uncertainty. 

CISA Context:

The Cybersecurity Information Sharing Act (CISA) of 2015 was enacted 10 years ago in order to improve and establish a united front against cyber threats. It provided liability protection for companies sharing cyber threat information with the government, encouraging faster and more transparent information exchange between the public and private sectors. In the decade since its inception, CISA has been used to help address a range of cyber threats, from the SolarWinds breach to foreign attacks and operations like Volt Typhoon. As emerging technologies rapidly evolve and grow increasingly advanced, timely information sharing has become essential for protecting national security.

Now that the original legislation has lapsed, lawmakers from both parties are pushing to reauthorize CISA to ensure it can continue safeguarding the country’s digital infrastructure. Reauthorization would not only affirm the federal government’s commitment to cybersecurity, but also reflect the heightened urgency of today’s tumultuous digital landscape. With the rapid advancement of artificial intelligence, quantum computing, and increasingly sophisticated cyber attacks, experts warn that failing to renew CISA could leave the nation vulnerable with detrimental gaps in digital defense.

Impact:

When CISA was active, it played a vital role in coordinating responses to major cyber incidents. Companies were able to share threat indicators like IP addresses and malware signatures in real time, allowing federal agencies to quickly trace and contain breaches like ransomware attacks targeting hospitals and critical infrastructure.  

Without the liability protections offered by this legislation, private companies may become increasingly hesitant to share cyber threat information with federal agencies, fearing legal or reputational consequences. This could weaken one of the most critical aspects of our national defense: the rapid exchange of intelligence across public and private spheres. By slowing down communication, we risk letting vulnerabilities linger and give adversaries more time to exploit them.

By reauthorizing CISA, Congress would restore the legal certainty that allows public and private spheres to work in harmony. Cross-collaboration across sectors has proven both efficient and necessary time and time again, enabling unified action, faster detection, and streamlined mitigation of cyber threats. 

As emerging technologies like quantum computing begin to reshape the cyber landscape and threaten to render our current encryption methods obsolete, timely partnerships between the government and the private companies driving innovation have never been so urgent.

Current Congressional Standing:

The House Homeland Security Committee reported a bi-partisan short-term extension of CISA, but efforts stalled in the Senate when the Continuing Resolution failed to pass. The Senate had previously included a 10-year extension in the Intelligence Authorization Act and later in the National Defense Authorization Act, but efforts ultimately faced deadlock. Despite clear bi-partisan support for CISA, political gridlock has left the legislation in limbo, leaving our country vulnerable to increasingly advanced cyberattacks. Several technology companies have united to urge Congress to reauthorize this law, including Palo Alto Networks and Business Software Alliance, emphasizing the importance of continued protections and information-sharing mechanisms in defending the nation’s digital infrastructure. 

ZETA’s Commitment:

As an organization focused on Gen-Z leadership in technology policy, ZETA is committed to supporting cybersecurity protections that ensure emerging technologies are safely developed and deployed. Without CISA’s reauthorization, the digital infrastructure that our members and young innovators rely on is at risk. By advocating for CISA, ZETA is helping ensure that policymakers understand the critical role of cybersecurity in fostering a safe and resilient ecosystem for the next generation. Beyond our organization, ZETA believes CISA is essential for upholding the digital environments that support Gen-Z in their education, work, and civic engagement.