WASHINGTON D.C.— Today, Rep. Andrew Garbarino (R-NY), chairman of the Subcommittee on Cybersecurity and Infrastructure Protection, delivered the following opening statement in a hearing to weigh the reauthorization of the “Cybersecurity Information Sharing Act of 2015” (CISA 2015), which is set to expire in September 2025, and discuss opportunities for reform.

Watch Chairman Garbarino’s full opening statement in a hearing entitled, “In Defense of Defensive Measures: Reauthorizing Cybersecurity Information Sharing Activities that Underpin U.S. National Cyber Defense.”

As prepared for delivery:

Information sharing is a critical component of our nation’s defense against global cyber threats. From utility companies in rural areas to major banks on Wall Street, the private sector is on the frontlines of the digital battlefield, frequently defending itself from malicious cyber actors.

Securing the United States in cyberspace requires a whole-of-society approach—strong partnerships and close coordination between industry and government at all levels. Our national resilience against cyber threats is reinforced by sharing threat information and best practices among all stakeholders. Nearly ten years ago, Congress passed the Cybersecurity Information Sharing Act of 2015 (CISA 2015), establishing a framework for the voluntary exchange of cybersecurity information between private entities and the federal government.

By providing liability and privacy protections for information shared in accordance with the statute, CISA 2015 removed longstanding barriers to public-private collaboration in cybersecurity. Over the past decade, the threat landscape has evolved significantly, with sophisticated nation-state and criminal actors increasingly exploiting cyberspace to target infrastructure and individuals. As these threats continue to rise, CISA 2015 has become more vital than ever. The law has fostered a foundation of trust among cybersecurity stakeholders, making information sharing the default rather than an exception.

A significant volume of critical cyber threat intelligence has been exchanged between industry and government under this law. For instance, just this year, a major organization shared 84 formal reports, reaching thousands of partner organizations. This doesn’t include the numerous informal daily exchanges that are also protected by the law.

This September, CISA 2015 is set to expire unless Congress reauthorizes it. As we’ve heard from many stakeholders, the liability and privacy protections provided by the law have facilitated better information sharing, helped secure networks, and improved our overall cybersecurity posture. The Cybersecurity and Infrastructure Security Agency (CISA), which this Subcommittee oversees, has played a crucial role in fostering these information-sharing partnerships, a mission I look forward to continuing under the new Administration.

There are valid concerns that without these protections, the private sector would be less willing to share cybersecurity information, either amongst themselves or with the federal government. Without these safeguards, we can be certain that our nation would be more vulnerable to cyber threats. I strongly support reauthorizing CISA 2015, and I’ve made it a top priority this year. I’m encouraged that just yesterday, Secretary Noem voiced similar support before the full committee. This hearing is a crucial step forward in the reauthorization process, and I look forward to incorporating feedback into a reauthorization bill.

I’d like to thank our expert panel for being here today. Your insights on how this law has been implemented across industries are invaluable. Some of you have tracked or worked directly on this law since its inception.

I look forward to exploring ways to maintain and potentially improve voluntary cybersecurity information sharing between the public and private sectors.

###