In a renewed push to safeguard America’s digital infrastructure, U.S. Senators Gary Peters (D-MI) and Mike Rounds (R-SD) have introduced the Protecting America from Cyber Threats Act — a bipartisan bill aimed at restoring critical cybersecurity protections that expired on September 30.
The bipartisan bill would reauthorize key provisions of the Cybersecurity Information Sharing Act of 2015, which has been instrumental in allowing private companies to voluntarily share cybersecurity threat indicators, such as malware signatures, software vulnerabilities, and malicious IP addresses, with the Department of Homeland Security (DHS).
This framework, which had been active for a decade, is credited with helping prevent data breaches, protecting personal and corporate information, and improving the federal government’s ability to detect and respond to attacks from foreign adversaries and cybercriminal networks.
Renewing Bipartisan Bill
“This bipartisan bill renews a proven framework that has helped defend critical networks at our hospitals, financial systems, and energy grids from cyberattacks for a decade,” said Senator Peters, Ranking Member of the Homeland Security and Governmental Affairs Committee.
“We must quickly renew these longstanding cybersecurity protections that encourage companies to voluntarily share information about cybersecurity threats with the federal government to ensure we are prepared to defend our national and economic security against relentless attacks.”
Senator Rounds echoed this sentiment, emphasizing the urgency of the reauthorization of bipartisan bill.
“The Cybersecurity Information Sharing Act of 2015 has been instrumental in strengthening our nation’s cyber defenses by enabling critical information sharing between the private sector and government. The lapse in this legislation due to the government shutdown leaves our nation vulnerable to cyberattacks. Our legislation would extend these provisions for an additional 10 years.”
Addressing the Gaps and Liability Concerns
The newly proposed Protecting America from Cyber Threats Act not only seeks to renew the expired cybersecurity protections but also introduces a retroactive clause. This bipartisan bill ensures that companies that continued sharing cyber threat data with the government during the lapse period remain protected from liability.
“We have to continue to get real-time information on threats in order to stand up against persistent cybersecurity attacks,” Peters told reporters during a recent briefing. “We want folks to know that when this bill passes, anything that happened during that gap will also be protected from potential liability.”
This assurance comes as several industries have expressed concern over the legal uncertainty following the lapse of the 2015 law. Many companies that regularly share cyber threat indicators with the federal government have reportedly been hesitant to continue without guaranteed protections.
Building on a Decade of Cyber Defense
The bipartisan bill builds upon the foundation of the 2015 law, which facilitated information sharing that helped address major cyber incidents, including SolarWinds, Volt Typhoon, and Salt Typhoon. These attacks exposed vulnerabilities across both government systems and private networks, highlighting the need for continued collaboration.
The proposed legislation also reaffirms privacy protections by ensuring that personally identifiable information (PII) is excluded from threat reports. This balance between information sharing and privacy has been a cornerstone of the program’s success.
When private companies report security flaws or ongoing cyberattacks, it allows the federal government to act quickly, preventing threats from spreading and helping affected organizations recover faster. The shared intelligence is also disseminated to state and local governments and critical infrastructure operators, ensuring communities across the nation are equipped with the latest threat information.
Bipartisan Bill: Strong Industry Support
The bipartisan bill effort has garnered widespread support from major industry groups, including Airlines for America, the American Gas Association, the Bank Policy Institute, the Business Roundtable, the Chamber of Commerce, the Edison Electric Institute, the National Association of Manufacturers, and the National Retail Federation.
These organizations have long advocated for a stable and predictable framework for cyber threat sharing, emphasizing that short-term renewals are not sufficient to manage the nation’s complex cybersecurity challenges.
“One thing that is very clear from all stakeholders is that they need long-term certainty when it comes to these protections,” Peters noted. “You can’t operate with just a few-week patch. That’s no way to run a business or a sophisticated cybersecurity operation.”
Legislative Hurdles Ahead
Despite broad bipartisan backing, the bipartisan bill faces procedural obstacles in the Senate. Efforts to pass a simple reauthorization earlier were repeatedly blocked by Homeland Security Committee Chairman Rand Paul (R-KY), who has called for additional free speech protections to be included in any longer-term reauthorization.
Peters acknowledged the hurdles but remains optimistic. “There are a number of procedures this bill must go through before a vote,” he said, adding that he has discussed the measure with Senate leadership but did not specify a timeline.
Senator Peters has been a consistent advocate for strengthening the nation’s cyber defenses. His previous bipartisan efforts have led to laws enhancing cybersecurity for K-12 schools, state and local governments, and federal supply chains.
