Cybersecurity Leaders Urge Action as CISA 2015 Expiration Creates Gaps in Cyber Intelligence Sharing

Critical infrastructure industries are facing new uncertainty following the recent expiration of the Cybersecurity Information Sharing Act of 2015 (CISA 2015). As digital transformation rapidly expands attack surfaces across healthcare, manufacturing, and state and local government, transparency in sharing cyber threats and attacks is becoming more important than ever.

For nearly a decade, CISA provided legal protections that encouraged companies to share cyber threat indicators with the federal government and each other. With those safeguards eliminated following CISA’s expiration on September 30, organizations now face increased liability risks and reduced collaboration—slowing down the exchange of vital threat intelligence. Experts anticipate that without legal immunity, many will hesitate to share information out of concern for lawsuits or antitrust violations, creating dangerous visibility gaps for adversaries to exploit.

“AI is making attacks faster, cheaper, and more precise—just as the nation’s cyber defenses are fracturing,” said Joel Burleson-Davis, Chief Technology Officer at Imprivata, in a recent Digital Health Insights article. “With the expiration of CISA 2015 and the defunding of the Multi-State Information Sharing and Analysis Center, government support for cybersecurity has disappeared overnight, costing the nation vital early warnings against today’s sophisticated threats.”

This loss of trust and collaboration weakens the broader cybersecurity ecosystem, particularly for sectors that rely on shared workstations, mobile devices, and complex vendor and contractor ecosystems. In these environments, even minor access delays or small gaps in vendor access control and credential management can lead to unauthorized access, compliance failures, or operational downtime. This can result in slower threat detection, fragmented response efforts, and increased vulnerability to ransomware and supply-chain breaches.

While the CISA agency itself remains active, its ability to share real-time intelligence has been significantly limited, leaving organizations without a clear early-warning system. As the cyber insurance market tightens, underwriters are expected to place greater scrutiny on identity governance, privileged access management, and continuous monitoring of user behavior as key indicators of cyber resilience.

“Operators should act now to blunt any intelligence gap,” said Burleson-Davis in a Security Magazine interview. “In cybersecurity, unity and urgency aren’t optional, they’re how we keep the lights on and data, systems and people safe.”

To stay ahead, organizations must double down on zero-trust network access, including identity and access management.

Learn more about how to implement zero trust and prepare for future threats.