Bill to restore cyber data-sharing law includes retroactive protections

Legislation that would renew the Cybersecurity Information Sharing Act of 2015 and safeguard companies that kept providing cyber threat data to the government during a lapse in authority has been introduced by Sens. Mike Rounds, R-S.D., and Gary Peters, D-Mich., reports The Record, a news site by cybersecurity firm Recorded Future. Under the Protecting America from Cyber Threats Act, CISA 2015 would be extended for 10 years while ensuring liability protections for private entities that continued data-sharing after the statute expired last month. "We have to continue to get real-time information on threats in order to stand up against persistent cybersecurity attacks. When this bill passes, anything that happened during that gap will also be protected," Peters said. Both the 2015 law and the State and Local Cybersecurity Grant Program lapsed on Oct. 1 after Congress failed to pass a budget, causing a government shutdown. The House passed renewal measures in September, but short-term extensions tied to a temporary funding measure failed in the Senate. Since then, lawmakers have been unable to move forward, and Sen. Rand Paul, R-Ky., has blocked several efforts to pass a clean 10-year extension. Peters dismissed short-term fixes, arguing that businesses need "long-term certainty" in their cyber protections.