The Cybersecurity Information Sharing Act of 2015 (CISA 2015) in the United States, which was on the brink of expiration at the end of 2025, is now expected to be extended until the end of September as part of the Department of Homeland Security (DHS) funding package for 2026.
The DHS Appropriations Act successfully passed the House of Representatives despite objections from Democrats regarding funding for Immigration and Customs Enforcement (ICE), a part of the DHS. The bill will now move to the Senate for consideration before the end of the month.
CISA 2015 allows organizations to report and share information on cyber threats without fear of legal repercussions. Originally enacted during the Obama administration, the law included a 10-year sunset clause for review and revision.
Following progress on a replacement for CISA 2015, a brief lapse occurred in October 2025 due to a government shutdown, but the impact on data-sharing was limited. The law was extended until the end of January 2026 as part of the government reopening agreement, providing more time for Congress to determine next steps.
Experts like Cynthia Kaiser from Halcyon and Marc van Zadelhoff from Mimecast emphasize the importance of information sharing in cybersecurity and the need for long-term solutions. The extension of CISA 2015 is seen as a positive step towards enhancing collaboration for stronger cyber defense strategies.
In addition to the extension of CISA 2015, the DHS Appropriations Act allocates $2.6 billion for the Cybersecurity and Infrastructure Security Agency (CISA), with a focus on cyber operations, threat hunting, and countering cyber threats from China. The Act also highlights the agency’s role in coordinating with international partners to enhance global cybersecurity efforts.
As we move forward, the cybersecurity community is encouraged to use the nine-month extension strategically to improve accountability, collaboration, and threat intelligence sharing. The goal is to strengthen cybersecurity practices and create a culture of shared responsibility for a more secure digital environment.
