Cybersecurity Information Sharing Act Extension Hoped for by CISA Leadership at BHUSA
Cybersecurity Information Sharing Act (CISA) leaders, including Christopher Butera, the active Executive Assistant Director, and Robert Costello, the CIO, have expressed optimism about the reauthorization of the Act before its expiration on September 30, 2025. They shared their insights on the state of America's cybersecurity during Black Hat USA 2025 on August 7.
The Act, adopted and signed by then-President Barack Obama in December 2015, is crucial in promoting information sharing to bolster the nation's cybersecurity defences, given the quick pivots of adversaries in the cybersecurity field. If reauthorized, it will continue to play a significant role in helping government agencies and companies mitigate cyber threats.
CISA is currently working on several initiatives. One of these is the release of IT services to make it easier for users to sign up for their Cyber Hygiene (CyHy) services. The CyHy service, with over 11,000 users, is a vital tool in strengthening cybersecurity.
In addition, CISA has been actively working on addressing the 'ToolShell' SharePoint vulnerability exploit campaigns. The agency has also been focusing on automation to remediate faster, a key aspect in today's rapidly evolving cyber landscape.
One of the most powerful tools in CISA's arsenal is the Common Vulnerabilities and Exposures (CVE) program. Funding for this program, run by MITRE with CISA's sponsorship, will be maintained by the agency.
Despite recent reports, CISA leaders have dismissed rumours of its demise, stating that the agency is advancing in a new direction. Madhu Gottumukkala, the current Acting Director of CISA, had to cancel her attendance at an event due to a personal matter. Nicholas Andersen is set to take over as the new Executive Assistant Director for Cybersecurity from September 2, 2025.
CISA has also unveiled a new malware and forensic analysis platform named Thorium. This platform is expected to further enhance CISA's capabilities in detecting and responding to cyber threats.
Cynthia Kaiser, SVP at Halcyon, strongly believes that the Cybersecurity Information Sharing Act should be renewed. She emphasised the importance of this Act in fostering a collaborative approach to cybersecurity, enabling organisations to share information and work together to combat cyber threats more effectively.
As CISA continues its efforts to strengthen America's cybersecurity, it has also received a boost with the release of $100m in state and local cyber grant funding. This funding, which CISA calls a "really important tool", will help further bolster the nation's cyber defences.
