If the law remains lapsed “for a lengthy period, that will diminish capabilities across the industry to share and enhance real-time sharing of cyber threat indicators,” Nathaniel Jones, VP of security and AI strategy at Darktrace, tells CSO. Jones was at CISA until two years ago, where he had served as a section chief and operations officer.
“The whole purpose of this was to provide an insulating layer over communications that are made by the critical sectors when they need to share information,” Mike Hamilton, field CISO of Lumifi Cyber and former CISO of Seattle, tells CSO. “Now, the private sector is going to be very reluctant to tell anybody what happens to them.”
What CISA 2015 provided
CISA 2015 explicitly authorized private entities to take certain defensive measures to stop cyberattacks, to monitor their own and customers’ networks for cyber threats — with written authorization and consent — and to share cyber threat indicators to provide better detection and response to cyber threats.