House Homeland Security Committee Chairman Andrew Garbarino, R-N.Y., said on Tuesday that Congress may need to do another short-term extension of a critical cybersecurity information-sharing law.
The Cybersecurity Information Sharing Act of 2015 – or CISA 15 – established a legal framework for government and industry members to share cybersecurity threat data. The law expired at midnight on Sept. 30, but Congress extended it last month until Jan. 30 as part of the funding package to reopen the federal government.
Extending the legislation has bipartisan support, and several bills are under consideration. It’s unclear which version will be successful, however.
“Our colleagues in the Senate have different ideas. Some of them want to do a 10-year clean [reauthorization]. I don’t know if I can get that passed in the House, with concerns from the Freedom Caucus,” Garbarino said at an event hosted by Auburn University’s McCrary Institute.
Garbarino said that Senate Homeland Security and Governmental Affairs Committee Chairman Rand Paul, R-Ky., also “has some thoughts that he would like to get done.” Paul previously supported a bill that would extend CISA 15 for two years and looked to broaden federal oversight of cyber threat sharing.
Meanwhile, Garbarino’s version of the bill – the Widespread Information Management for the Welfare of Infrastructure and Government Act (WIMWIG Act) – would extend the law another 10 years.
“It’s imperative that gets passed, and it gets extended,” Garbarino said, adding, “I don’t know how it gets done on its own. I feel like we have to attach it to another piece of legislation.”
“Unfortunately, I don’t think we’re close enough with the discussions on the Senate [side] to figure out which bill will pass and what will get done,” he said.
Due to the uncertainty, Garbarino said it’s possible that CISA 15 may be included in another short-term extension, “which is unfortunate.”
SLCGP support
Additionally, the lawmaker voiced his support for the reauthorization of the State and Local Cybersecurity Grant Program (SLCGP). That law also expired at midnight on Sept. 30, and Congress later extended it until Jan. 30.
Congress established the SLCGP as part of the Infrastructure Investment and Jobs Act of 2021. The grant program provided $1 billion in funding over four years to help state and local governments bolster their cyber defenses.
The Protecting Information by Local Leaders for Agency Resilience Act (PILLAR Act), which would extend the SLCGP, passed the House last month.
“We’d love to see the Senate move that,” Garbarino said of the legislation. “If the Senate won’t take it up individually, we’re trying to find a vehicle to attach it to to get it done.”