Peters urges swift action on CISA 2015 as cyber agency faces budget squeeze
With just weeks left before key cybersecurity protections are set to expire, Sen. Gary Peters (D-Mich.) is sounding the alarm. In a recent Cyber Focus interview, Peters warned that failure to reauthorize the Cybersecurity Information Sharing Act of 2015 – commonly referred to as CISA 2015 – would be “catastrophic” for national cybersecurity.
“That will be catastrophic for our ability to protect against all the bad guys that are out there,” Peters said. The CISA 2015 law provides liability protections to companies that share cyber threat indicators with the federal government. Those protections were designed to increase trust and cooperation between the private sector and federal agencies. Without them, the ranking member on the Senate Homeland Security and Governmental Affairs Committee warned, critical partnerships could erode. “Once you lose trust, it’s really hard to get it back,” Peters said.
While the law enjoys bipartisan support, a clean reauthorization has stalled in the Senate. Homeland Security Committee Chairman Rand Paul (R-Ky.) is using the urgency behind CISA 2015’s renewal to push for broader restrictions on the Cybersecurity and Infrastructure Security Agency (CISA) – the federal agency that shares the acronym but is distinct from the 2015 statute.
Peters said he regrets that the two issues have become entangled. “This bill is different,” he said. “You can’t conflate the two together.” But he emphasized that the reauthorization needs to happen now – and debates over the agency’s future can happen in parallel. “In the meantime, we can’t let the whole bill expire,” Peters said.
That risk, he warned, comes as CISA – the agency – is already under pressure. Peters described the situation as a cyber double threat: an expiring legal framework and an underfunded frontline agency. “CISA is under siege in terms of the resources and the cutbacks that are there,” he said, “and cyber threats aren’t going away. They’re getting bigger and more sophisticated.”
That’s especially true for state and local governments, which often lack the resources to mount effective defenses. Peters argued that federal grant funding made available through CISA isn’t just necessary – it’s fiscally smart. “At a time when we’re running record deficits,” he said, these grants “[bring] down the cost of what would happen with a cyberattack.”
More than 800 cybersecurity projects have already been funded through CISA’s local grant programs, Peters noted. “If we don’t protect our weakest links, it doesn’t matter how good you are at the top – you’re going to have some serious problems,” he said.
The conversation also touched on regulatory harmonization and workforce gaps, but Peters returned repeatedly to the CISA 2015 deadline – and the importance of public pressure to break the impasse.
“We got it right 10 years ago. We’ve got to get it right for the next 10 years,” said host Frank Cilluffo.
“Exactly,” Peters replied. “We’ve got a good track record. Let’s not mess it up.”
You can find the full episode here.