Industry groups worry about cyber info sharing

The US federal law that facilitates a significant portion of information sharing between the federal government and private sector is likely to expire October 1 in a development that could have major impacts on private industry and government cyber threat coordination. 

Despite broad bipartisan support, lawmakers have not agreed on how to either renew or modify the Cybersecurity Information Sharing Act, first passed in 2015, which offers private organisations legal protections to share cyber threat information with each other or the government. 

Expiration of the law could lead to a dramatic decrease in information sharing by private entities, according to a client alert written by five attorneys with the WilmerHale law firm posted September 15 to the firm’s website. 

“Without the critical protection for legal privileges—and the perceived need for liability and antitrust protections—private entities are less likely to voluntarily share information with the federal government or private entities due to a perceived increased risk,” the attorneys wrote.

“The consequences could be significant, especially considering the fact that the private sector owns and operates most critical infrastructure in the United States.”

Michigan Democratic Senator Gary Peters said that the authorities in the law are "critical to protecting our national and economic security from cyberattacks."

A bipartisan group of leaders in the House, Trump administration and a "coalition in the Senate all support extending this legislation for 10 years.

"It's shameful we've reached this point - we need to pass a long-term clean extension immediately."

The White House did not respond to a request for comment.

The deadline looms as federal lawmakers work to avert a partial government shutdown that would lead to hundreds of thousands of federal employees being furloughed without pay and disruptions to a wide range of services.