Why Congress Must Protect Cyber Sharing

Commentary by Peter Hyun and Michael Casey

Published September 26, 2025

Ten years ago, Congress took a halting step to shore up U.S. defenses in the face of unrelenting cyber threats from states and criminals. This year, Congress faces a pivotal choice about revisiting and potentially improving those defenses as the nation faces the expiration of the Cybersecurity Information Sharing Act of 2015. In the lead-up to its enactment, there was a fierce debate over a recurring question: How does the United States harden its cybersecurity defenses working in partnership with the public and private sectors?

The demand is clear-cyberattacks are escalating in both size and scope, sparing no one. Attacks were committed against U.S. critical infrastructure, private companies, and government systems.

A very short list of high-profile attacks leading up to that point (there were many more) includes the following:

• the 2013 Target data breach, which affected 110 million people;
• the 2014 Office of Personnel Management hack, which impacted 22.1 million individuals; and
• the 2014 JP Morgan compromise, in which attackers stole the data of 76 million households and 7 million small businesses.

In 2015 alone, cyberattacks leaked data on 300 million people and caused $1 billion in damages, prompting bipartisan urgency and a recognition that public-private collaboration was not just a "should have," but a "must have."

But long before 2015, the demand to address the threat of cyberattacks was clear. Russia has long carried out cyber operations around the world. Russian entities were, for example, responsible for the NotPetya malware in 2017 that caused over $10 billion in damages to FedEx, Maersk, and others. And multiple governments publicly blamed the Russian SVR-foreign intelligence organization-for the SolarWinds attack in 2020 that compromised multiple departments of the U.S. government and over 100 private corporations.

But it is China that is, according to the 2023 Office of the Director of National Intelligence's Annual Threat Assessment, the most active and persistent threat to U.S. networks.

Starting around 20 years ago, the Chinese Communist Party (CCP) began to view cyber operations as a low-cost, high-impact tool for achieving global influence and achieving its military and economic objectives. This resulted in the creation of multiple organizations in China with the responsibility and capability to carry out cyber operations. And by 2011, the U.S. intelligence community, including the FBI, National Security Agency, and Office of the Director of National Intelligence, identified China as the United States' most prolific cyber adversary, carrying out operations for economic espionage, intelligence collection, and malign influence operations.

These threats raised concerns about consumer welfare and data protection, as stolen data often included personal information, for example, as with the Equifax hack in 2017, generally attributed to the Chinese Ministry of State Security, which compromised the files of over 145 million individuals.

At the current time, Chinese cyber actors, like Volt Typhoon and Salt Typhoon, are believed to still be present in the systems of critical infrastructure sectors such as energy, water, and telecommunications. These intrusions, ongoing for up to two years in some cases, aim to enable not only intelligence collection but potentially disruption during a potential conflict-think power grids blacked out or communications severed at a moment of geopolitical tension.

Iran and North Korea add to the mix, with the former's aggressive operations threatening U.S. allies and the latter funding its regime through cryptocurrency heists that steal hundreds of millions annually. These threats aren't abstract: In 2025 alone, ransomware and espionage campaigns linked to these actors have disrupted healthcare, finance, and logistics, costing billions and eroding public trust.

The Cybersecurity Information Sharing Act (CISA) 2015 stands as a bulwark against this onslaught. While imperfect, the law's Automated Indicator Sharing platform, certified by the Department of Homeland Security in 2016, has facilitated the exchange of millions of unclassified threat indicators annually among over 200 nonfederal participants, including private firms and Information Sharing and Analysis Centers (ISACs).

This has directly contributed to rapid responses to high-profile incidents like the SolarWinds breach, Volt Typhoon intrusions, and Salt Typhoon campaigns-attacks that could have cascaded into widespread blackouts or data exfiltration without shared intelligence. By providing liability protections against civil suits, antitrust violations, and regulatory overreach for good faith sharing, CISA has helped transform cybersecurity culture, encouraging even small- and medium-sized businesses to participate without fear of reprisal.

Significantly, CISA helped spur the growth of sector-specific ISACs in finance, energy, healthcare, and beyond, creating a "bias toward sharing" that bolsters collective resilience. For consumers and businesses alike, this means fewer disruptions to daily life-from secure banking to uninterrupted power supply.

Because private companies play an integral role in multiple sectors of U.S. critical infrastructure, CISA's fostering of public-private partnerships has been irreplaceable. Without facilitating partnerships, companies might retreat into silos, fearing lawsuits or data exposure, leaving gaps that adversaries exploit.

Letting CISA expire would unravel these gains at a moment of heightened peril. In a year of escalating U.S.-China tensions and Russia's hybrid warfare tactics, such a retreat signals weakness to Beijing and Moscow, inviting bolder probes into U.S. grids, pipelines, and telecoms.

In cyberspace, information is power-and shared intelligence is our greatest defense.

Peter S. Hyun is the former acting chief of the Enforcement Bureau for the Federal Communications Commission and served as Chief Counsel to former U.S. Senator Dianne Feinstein in 2015. Michael Casey is a senior adviser (non-resident) with the Intelligence, National Security, and Technology Program in Washington, D.C., and is a former staff director for the Senate Select Committee on Intelligence.

Programs & Projects