{"id":5744,"date":"2025-11-11T11:26:07","date_gmt":"2025-11-11T11:26:07","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=5744"},"modified":"2025-11-11T11:26:07","modified_gmt":"2025-11-11T11:26:07","slug":"senate-moves-to-restore-lapsed-cybersecurity-laws-after-shutdown","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=5744","title":{"rendered":"Senate moves to restore lapsed cybersecurity laws after shutdown"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

Two cybersecurity laws that lapsed during the government shutdown moved closer to restoration on Monday after the Senate voted 60-40 to advance legislation extending them through January 2026.<\/p>\n

The continuing resolution would restore the Cybersecurity Information Sharing Act of 2015 and the Federal Cybersecurity Enhancement Act, which expired on October 1<\/a> when Congress failed to pass a spending bill before the fiscal year deadline. The measure required additional procedural votes in the Senate this week before moving to the House for approval and then to President Trump\u2019s desk.<\/p>\n

The lapse stripped companies of the legal protections that had encouraged voluntary sharing of cyber-threat indicators with federal agencies and other organizations.<\/p>\n

Without liability shields, antitrust exemptions, or Freedom of Information Act protections, many firms faced new legal exposure and slowed information exchange. Security experts warned the interruption risked slowing threat-intelligence flows at a time of rising nation-state and ransomware activity.<\/p>\n

\u201cAfter a record-breaking shutdown, we can now see the light at the end of the tunnel,\u201d Senator Kevin Cramer said in a statement<\/a> following Sunday\u2019s procedural vote.<\/p>\n

What the bill restores<\/h2>\n

The continuing resolution temporarily extended both cybersecurity statutes. \u00a0Section 141 of the bill<\/a> extends CISA 2015\u2019s sunset date through January 2026, stating: \u201cSection 111(a) of the Cybersecurity Information Sharing Act of 2015 (6 U.S.C. 1510(a)) shall be applied by substituting the date specified in section 106 of this Act for \u2018September 30, 2025.\u201d<\/p>\n

The legislation reinstated the legal and procedural safeguards that allow companies to share threat data with the government, and it renews authorization for CISA to provide network-security services, including the EINSTEIN intrusion-detection system, to civilian agencies under the Federal Cybersecurity Enhancement Act.<\/p>\n

The short-term extension, however, sets up another expiration in two months, leaving open whether Congress will pursue a full reauthorization or opt for another stopgap.<\/p>\n

Kevin Kirkwood, CISO at Exabeam, said the brief lapse presents an opportunity to reconsider how the threat-sharing framework operates. \u201cAt its core, CISA aimed to foster collaboration between the private sector and government by encouraging voluntary sharing of threat intelligence\u2014something that absolutely matters in today\u2019s threat landscape,\u201d he said.<\/p>\n

\u201cThe problem isn\u2019t with the sharing, it\u2019s with the inevitable bloat that comes when federal agencies expand their footprint under the banner of cybersecurity coordination,\u201d Kirkwood added. \u201cThis is the moment to rethink what version 2.0 should look like. We need a leaner, more focused model that preserves the flow of intelligence but resists the gravitational pull of centralized bureaucracy.\u201d<\/p>\n

What the lapse meant for enterprises<\/h2>\n

The expiration of CISA 2015 eliminated legal protections for sharing threat information, disrupting the real-time intelligence exchanges that had become routine over the past decade. Without its statutory shields, organizations faced potential liability for monitoring networks, sharing defensive measures, and coordinating responses with peers and federal agencies.<\/p>\n

The law had explicitly authorized private entities to take defensive measures against cyberattacks, monitor their own and customers\u2019 networks with consent, and exchange indicators to strengthen detection and response. It also protected shared data from public disclosure under FOIA and shielded participating companies from antitrust claims tied to joint defense activities.<\/p>\n

Companies that previously shared threat data automatically needed lawyers to review each exchange, determining what laws might be violated and whether existing agreements covered the information transfer.<\/p>\n

The expiration of the Federal Cybersecurity Enhancement Act also ended statutory authority for CISA to operate the EINSTEIN program and other network-security services for civilian agencies, adding operational strain across government networks.<\/p>\n

Broader provisions and workforce impact<\/h2>\n

Beyond restoring the cybersecurity laws, the continuing resolution included measures to protect federal employees affected by the shutdown. The bill will \u201cprotect federal workers from baseless firings, reinstate those who have been wrongfully terminated during the shutdown, and ensure federal workers receive back pay,\u201d Senator Tim Kaine said in a statement<\/a>, adding that the provisions were critical for earning his support.<\/p>\n

CISA\u2019s workforce shrank by nearly a third during the shutdown through buyouts, deferred resignations, and layoffs, falling from roughly 3,300 to about 2,200 employees. Divisions, including Stakeholder Engagement and Infrastructure Security, were hit hardest. The new workforce protections could reverse some of those losses once the bill becomes law.<\/p>\n

The continuing resolution extended current government funding levels through January 2026, according to Cramer\u2019s office. Eight Democrats joined Republicans to advance the bill.<\/p>\n

Suppose the resolution clears both chambers as expected. In that case, Congress will face another funding deadline early next year \u2014 and with it, another test of how well Washington can balance political gridlock with national cyber resilience.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

Two cybersecurity laws that lapsed during the government shutdown moved closer to restoration on Monday after the Senate voted 60-40 to advance legislation extending them through January 2026. The continuing resolution would restore the Cybersecurity Information Sharing Act of 2015 and the Federal Cybersecurity Enhancement Act, which expired on October 1 when Congress failed to […]<\/p>\n","protected":false},"author":0,"featured_media":5745,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-5744","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5744"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5744"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5744\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/5745"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5744"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5744"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5744"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}