
9 Reasons Why CSA 2015 Is Vital For CISA's Success
CEO of Axon Global: an expert in AI & effective Cyber ERM. Recognized as a leader in his field by the U.S. Secret Service, NACD, and the WSJ.
In October of 2025, the Cybersecurity Act of 2015 is due to expire, unless Congress extends the deadline or renews the Act. The Cybersecurity Act of 2015, Division N, has played a transformative role in the U.S. cybersecurity landscape. It is particularly crucial for the Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA), which relies on the law's provisions to effectively protect the nation's critical infrastructure. It is the enabler by which the private sector can contribute indicators of compromise without liability. It fosters collaboration between the public and private sectors and enables the timely sharing of cyber threat intelligence.
A key element that makes this possible is the legal protections provided under Section 3.3 (B) v. of the Cybersecurity Information Sharing Act of 2015. These protections encourage companies to share information without fear of legal repercussions, ultimately strengthening national cybersecurity.
One of the main objectives of the Cybersecurity Act of 2015 is to promote better collaboration between the public and private sectors. In today's digital world, cyber threats are becoming more advanced, targeting sensitive data and disrupting critical infrastructure. No single entity can effectively counter these threats alone. And the government can do very little to help protect critical infrastructure without visibility into it.
The Act facilitates the exchange of cyber threat indicators, empowering CISA to develop a more comprehensive understanding of the threat landscape. It serves as the single point of entry where the private sector can report indicators of compromise without liability, ensuring the information reaches the appropriate U.S. government agency. This collective effort is crucial for defending sectors like energy, healthcare, finance and critical infrastructure, which are largely managed by private companies.
Section 3.3 (B) v. – Legal Protections That Foster Information Sharing
Section 3.3 (B) v. of the Cybersecurity Information Sharing Act of 2015 offers strong legal protections to organizations that share cyber threat information responsibly. These protections help alleviate concerns about liability and regulatory exposure, encouraging more companies to participate. The key legal protections include:
1. Protection from lawsuits related to sharing cyber threat indicators, provided the information is shared responsibly (6 U.S.C. § 1505(b)).
2. Exemption from state public records laws, ensuring that sensitive information shared with government entities remains confidential (6 U.S.C. § 1503(d)(4)(B)).
3. Protection from state regulatory actions, giving companies confidence that shared information won't be used against them (6 U.S.C. § 1503(d)(4)(C)).
4. Preservation of attorney-client privilege, ensuring that sharing information doesn't compromise legal confidentiality (6 U.S.C. § 1504(d)(1)).
5. Recognition of shared data as proprietary information, protecting trade secrets and sensitive business information (6 U.S.C. § 1504(d)(2)).
6. Exemption from federal public disclosure laws, maintaining the confidentiality of shared threat intelligence (6 U.S.C. § 1504(d)(3)).
7. Waiver of ex parte communication rules, allowing open and honest discussions without legal consequences (6 U.S.C. § 1504(d)(4)).
8. Protection from federal regulatory actions, ensuring that shared information isn't used for enforcement purposes (6 U.S.C. § 1504(d)(5)(D)).
9. Immunity from antitrust laws, enabling competitors to collaborate on cybersecurity without legal risks (6 U.S.C. § 1504(e)).
Why These Legal Protections Matter To CISA
The legal protections provided by the Act are crucial for CISA's mission because they break down the barriers that previously discouraged companies from sharing vital cyber threat data.
By offering liability protection and ensuring confidentiality, the Act fosters a culture of trust and collaboration. This enables CISA to gather a wide range of threat intelligence, improving its ability to identify and respond to emerging cyber threats quickly and efficiently. This proactive approach is key to protecting national security and maintaining public trust.
How Private Companies Benefit
The legal protections under Section 3.3 (B) v. aren't just good for national security; they also provide significant benefits to private companies.
By minimizing legal risks and safeguarding proprietary information, the Act creates a secure environment for sharing threat intelligence. This collaborative approach allows companies to stay ahead of cyber adversaries while protecting their business interests. Additionally, the antitrust exemptions enable industry competitors to work together on cybersecurity solutions without fear of legal repercussions. This collective defense strategy enhances the overall security posture of the private sector.
Conclusion
The Cybersecurity Act of 2015, Division N, is a cornerstone of modern cybersecurity policy in the United States. By promoting public-private collaboration and providing robust legal protections, the Act enables CISA to build a more resilient and responsive cybersecurity infrastructure. The warranties offered under Section 3.3 (B) v. are particularly valuable, as they eliminate legal obstacles, encouraging companies to share critical threat intelligence. This collaborative framework not only strengthens national security but also empowers the private sector to better defend itself against cyber threats.
According to the Executive Director of the DHS CISA, Bridget Bean, 'My team on the ground across the nation has the responsibility and the wonderful opportunity to bring together stakeholders, critical infrastructure owners and operators, and state and local government officials, to really tackle the problems that are facing our nation in cyber and physical.'
If the CSA 2015 expires in October, the collaborative framework provided by CISA will no longer be viable, and this may have serious cybersecurity consequences for critical infrastructure and national security.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.
Related Articles


Forbes
11 Million Critical Vulnerabilities Exposed — Act Now
New research reveals 11 million critical vulnerabilities are exposed to the public internet. While security vulnerabilities are an integral part of the world of technology, some are more critical than others. The Cybersecurity and Infrastructure Security Agency, part of the U.S. Department of Homeland Security, has warned time and time again about the dangers of vulnerabilities to organizations. Yet that message does not appear to be getting through if the staggering numbers revealed in a new technology sector risk report are anything to go by: more than 11 million critical vulnerabilities in tech sector environments are currently exposed to the public internet.
11.4 Million Critical Vulnerabilities Are Currently Exposed To The Public Internet
Two recent warnings from the Federal Bureau of Investigation should be burned into the psyche of anyone and everyone who has any influence when it comes to the security of technology environments. The first, from earlier in June this year, involved a skyrocketing number of victims of the Play ransomware group. The primary infection vector was reported as being unpatched critical vulnerabilities: CVE-2025-29824, CVE-2022-41040, CVE-2022-41082, CVE-2020-12812 and CVE-2018-13379, if you want to go and check that your organization isn't open to these specific attacks. The second, a joint advisory with CISA, warned that unsophisticated hackers are a real danger, including those exploiting vulnerabilities that should already have been patched but have not.
The 2025 Risk Radar Report from Trustwave SpiderLabs has now confirmed the real extent of this danger to the technology sector. The researchers revealed that a total of more than 11.4 million critical vulnerabilities are exposed to the public internet within the technology sector. That's a staggering and truly frightening number.
'Services are often publicly exposed for a good reason,' Trustwave SpiderLabs said, 'that is to allow the public to visit your website, and to receive email from people outside your organization.' However, oftentimes services are exposed by mistake, usually as a result of a configuration error. Combine this with the number of critical vulnerabilities that have yet to be patched by the organizations concerned, and Houston, we have a problem.
The report analyzed those vulnerabilities within the CISA Known Exploited Vulnerabilities catalog for 2024 and 2025, and discovered that nine of the top ten were web server vulnerabilities that coincided with the top exposed service in the tech industry. The single KEV vulnerability that was not web-based is BlueKeep, a critical vulnerability in the Remote Desktop Protocol, commonly used by hackers for lateral movement within networks. 'With that service exposed to the public internet,' the report stated, 'it could be used to establish an initial foothold.'
If it's not yet clear, here's what you should do: take an inventory of all currently open services running outside the network perimeter and conduct an immediate access audit. 'It's also essential to prioritize patching for any publicly exposed systems,' Trustwave SpiderLabs said, in order to mitigate the risk from unpatched critical vulnerabilities.

