The Cybersecurity and Information Sharing Act (CISA) of 2015 officially expired on Wednesday after Congress failed to reauthorize it as part of broader budget negotiations. CISA enabled private companies to share threat data with federal agencies while shielding them from liability and antitrust risks.
With the government now shut down and the law lapsed, experts warn the flow of real-time threat intelligence may slow dramatically.
Simultaneously, the Cybersecurity and Infrastructure Security Agency, also referred to as CISA, faces sharp personnel cutbacks. About two-thirds of its staff are being furloughed under a Department of Homeland Security (DHS) contingency plan.
This legal uncertainty and staffing shortage come amid a sharp increase in global cyber threats and recent high-profile attacks on U.S. entities by state-linked hackers.
Why It Matters: The expiration of CISA 2015 and the furlough of critical cybersecurity staff come at a time when cyberattacks against the U.S. are becoming more frequent and sophisticated. The disruption of legal protections and the reduction in workforce capacity weaken national readiness, potentially leaving public and private sector systems more vulnerable to attack, especially with communication pipelines and defensive coordination impaired.
- Legal Protections for Cyber Threat Sharing Have Ended: With the expiration of the Cybersecurity and Information Sharing Act of 2015, companies are no longer shielded from legal liabilities when voluntarily sharing cyber threat indicators with the federal government. This includes the loss of protections from lawsuits, antitrust violations, and Freedom of Information Act (FOIA) disclosures. Experts fear this will cause companies to hesitate or refrain entirely from disclosing potential threats, undermining a vital early warning system and weakening the collective cybersecurity posture across industries.
- Workforce Reductions at CISA Create Operational Gaps: The Department of Homeland Security’s contingency plan calls for furloughing about two-thirds of the Cybersecurity and Infrastructure Security Agency’s staff, reducing active personnel from 2,540 to just 889. This sudden drop in manpower threatens to delay key federal cybersecurity functions, including threat analysis/monitoring and enforcement of cyber standards. Experts warn that the resulting service disruptions could leave agencies and businesses flying blind during ongoing cyber campaigns by foreign adversaries.
- Senate Stalemate Derails Reauthorization: Senators Gary Peters (D-MI) and Mike Rounds (R-SD) introduced legislation in April to extend CISA’s authority for another decade. However, political disagreements, particularly resistance from Sen. Rand Paul (R-KY), prevented a consensus. Despite a temporary extension included in a House-passed stopgap spending bill, the Senate’s failure to advance it led to the law’s expiration as part of the broader government shutdown.
- Cyber Threats Intensifying as Defenses Weaken: The expiration of CISA 2015 comes at a precarious time. U.S. networks have recently faced attacks from state-linked hacking groups such as Salt Typhoon, reportedly affiliated with China, and Iranian operatives tied to the Islamic Revolutionary Guard Corps. These breaches have targeted political campaigns, military units, and telecommunications providers, raising concerns about espionage and election interference. Without legal protections and a fully staffed cybersecurity workforce, the nation may struggle to detect and contain future attacks.
- Long-Term Consequences: The shutdown and loss of legal frameworks may trigger long-term damage to federal cyber operations. Furloughed employees may seek more stable private-sector roles, further depleting the federal government’s cyber expertise. The legal uncertainty could also strain public-private trust, discouraging information sharing even after reauthorization occurs. Experts warn that these setbacks could leave the U.S. less agile and resilient in facing emerging digital threats for years to come.
Go Deeper -> Cyberthreat sharing law expires as government shuts down – The Hill
Two-thirds of CISA personnel could be sent home under shutdown – Cyberscoop