CISA’s expiration leaves a dangerous void in US cyber collaboration

On Sept. 30, 2025, the Cybersecurity Information Sharing Act (CISA 2015) officially expired, ending a decade-long framework that helped government and industry share cyber-threat data safely and consistently. For the first time in ten years, the United States lacks the statutory foundation that underpinned its public-private threat-intelligence ecosystem.

At a time when adversaries are exploiting automation, AI, and geopolitical distractions, this is not a procedural lapse. It represents an erosion of the trust, speed, and collaboration that underpin national resilience.

The law’s expiration has already produced tangible disruptions across the U.S. cyber-defense ecosystem. In the weeks since the law lapsed, federal agencies and private companies have scaled back the voluntary exchange of threat intelligence that once enabled near-real-time detection and coordinated mitigation of attacks.

Preliminary data from industry information-sharing groups and federal partners indicates that the volume of indicators of compromise shared through formal channels has declined by more than 70%.

Several sector-specific Information Sharing and Analysis Centers (ISACs) report 24-48-hour delays in the dissemination of alerts once handled automatically under the former framework.

The consequences are showing up across key sectors:

- Healthcare networks have seen a 12% increase in detected ransomware activity since early October, attributed in part to slower coordination on threat signatures.
- Energy and utilities operators are reporting longer response times when facing off with nation-state actors’ efforts to probe OT systems.
- Financial institutions note reduced visibility into cross-border fraud campaigns and business email compromise patterns that depend on rapid, shared intelligence.

Without the legal clarity and liability protections that CISA 2015 provided, organizations are already hesitating to report incidents or indicators, creating data silos at the precise moment we can’t afford them.

A critical framework gone dark

Enacted in 2015, CISA created the legal and operational bridge between the federal government and private industry for sharing threat indicators such as malware signatures, IP addresses, and attack tactics. It worked because it balanced two essential ingredients: liability protection so companies could share data without fear of legal exposure, and privacy safeguards to ensure personal information was removed before data exchange.

This trust model enabled the rapid, bidirectional flow of cyber intelligence that protected hospitals, banks, utilities, and defense contractors from nation-state actors and criminal groups alike.

A legal and operational vacuum

Without CISA’s liability protections, we now have a two-fold problem: government blindness and industry isolation. Federal entities lose visibility into threats originating in private networks, while companies no longer benefit from federally curated indicators and cross-sector analysis.

The result is a fragmented response landscape just as adversaries, particularly China-linked and Russia-linked groups, ramp up persistent intrusions into U.S. critical infrastructure.

Congressional efforts to restore the framework

Members of the U.S. Homeland Security and Governmental Affairs Committee have presented a potentially viable path forward for us.

Senators Gary Peters (D-MI) and Mike Rounds (R-SD) introduced the “Protecting America from Cyber Threats Act” in an attempt to renew the critical cybersecurity provisions that expired at the end of September. Stakeholders across the technology sector are urging its swift passage.

It would reauthorize the decade-old bipartisan law allowing companies to voluntarily share threat indicators, such as malware signatures, software vulnerabilities, and malicious IP addresses, with the Department of Homeland Security.

This collaboration has been instrumental in preventing data breaches, safeguarding personal information, and strengthening the federal government’s ability to respond to cyberattacks from foreign adversaries and criminal networks.

The road ahead

The expiration of CISA 2015 is not purely a bureaucratic oversight. It is a national security risk with global implications. Each day without reauthorization erodes the trust, coordination, and shared visibility that have underpinned the resilience of America’s most critical systems.

Cyber threats today are faster, smarter, and more interconnected than ever before. Artificial intelligence is amplifying offensive capabilities. Supply chains now span thousands of vendors across multiple continents, and adversaries are exploiting digital interdependence to create cascading effects that cross sectors and borders in seconds.

A 21st-century information-sharing law must recognize this new reality, one where we must consider machine-speed collaboration as the baseline, not the ceiling.

Reauthorization should go beyond simply restoring the past. It should establish a modernized framework that:

- Enables real-time, automated data exchange between trusted partners across sectors.
- Incentivizes responsible sharing through updated liability protections and privacy standards.
- Integrates AI-driven analytics to surface and contextualize threats faster than human analysts can react.
- Expands international cooperation so allies and partners can jointly defend the global digital economy.

The principles that made the original CISA successful—trust, transparency, and accountability—must guide its renewal.

Policymakers, CISOs, and researchers must work from the same playbook to ensure that actionable intelligence moves as quickly as the threats themselves.

Because in cybersecurity, no single actor can stand alone, and visibility, trust, and collaboration remain our strongest defenses. Anything less leaves us exposed.

Michael Centrella is the head of public policy at SecurityScorecard and a former assistant director at the U.S. Secret Service.

The post CISA’s expiration leaves a dangerous void in US cyber collaboration appeared first on CyberScoop.