Congress' failure to reauthorize the Cybersecurity Information Sharing Act of 2015 (CISA 2015) signals a fundamental shift in threat intelligence sharing and overall risk management strategies.

CISO Survival Guide: 4 Steps to Prepare for CISA 2015 Expiration

George V. Hulme
/
Dec 15, 2025

For enterprise security teams, the threat intelligence sharing calendar is ticking down again. On Jan. 30, 2026, the Cybersecurity Information Sharing Act of 2015 (CISA 2015) expires—once more. For chief information security officers already managing near impossible expectations with finite budgets, this deadline represents more than legislative drama. The deadline signals a fundamental shift in how enterprises conduct threat defense, share intelligence, and protect critical systems.

The outlook is not good. When CISA 2015 expired on Sept. 30, many reported that some cyber threat information flows slowed or stopped, as the statutory protections against antitrust liability, regulatory enforcement action, FOIA disclosure, and Computer Fraud and Abuse Act exposure expired. 


"We're not operating in a complete void. The uncertainty [this situation has created] itself is the problem," said Timothy Amerson, federal strategic advisor at cybersecurity advisory GuidePoint Security. "Security teams cannot build sustainable programs around 60-day extensions. Congressional leadership needs to provide long-term clarity so enterprises can plan accordingly," he said.

Andrew Storms, VP of security at software distribution platform provider Replicated, agrees. "It's a mess. I can attest that what I'm seeing in my current feeds has already declined noticeably since this uncertainty began," Storms said.

"Organizations can't build sustainable information sharing programs on 60-90 day legal foundations. General counsels are risk-averse by nature, and the prospect of liability protections disappearing mid-incident creates institutional hesitation that's hard to overcome. It was already a tough hill to climb, addressing all the legal and liability concerns when CISA 2015 first launched. A few years of this uncertainty could take a decade to repair, even after we get those reassurances back on the table," Storms continued.

Still, it is essential to remember that even though CISA 2015 protections remain in flux, enterprises can still share threat intelligence with the government and each other. "The liability protections are important, but they're only one part of the larger picture. Agencies such as the FBI, CISA, and the Secret Service can still receive and share information; it simply requires a more careful legal approach than before," Amerson said.

"Most organizations will need to revisit the earlier DOJ and FTC guidance, update their sharing agreements, and make sure any data they pass along is properly minimized. In practice, this means legal teams will have a heavier hand in the process, which can slow the pace, but it does not prevent meaningful collaboration from taking place," Amerson said.

Threat Intelligence Paralysis Through Legal Analysis 

Still, due to the uncertainty, CISOs who previously made rapid decisions to share indicators of compromise, attack tactics, and emerging threat intelligence suddenly face legal review bottlenecks. Some organizations have suspended participation in Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs), leaving federal defenders and peer organizations operating in the dark about coordinated attack campaigns.

The Jan. 30, 2026, extension restored legal certainty but created a new problem: organizations that suspended sharing remain reluctant to resume, given another imminent expiration. Trust, once eroded, restores slowly.

With the end-of-January expiration date approaching, enterprise security leadership can take immediate actions to minimize the impact.

Diversify Threat Intelligence Sources

CISOs cannot depend solely on federal feeds or ISAC participation—supplement government intelligence with commercial threat intelligence providers, open-source intelligence platforms, and peer networks. Build organizational resilience that transcends any single information-sharing framework.

Accelerate Foundational Security Hygiene

When the availability of threat intelligence becomes uncertain, defensive fundamentals become paramount. Rigorous patch management driven by CISA's Known Exploited Vulnerabilities (KEV) catalog, robust access controls, and regular security audits create a security posture that is less dependent on external intelligence feeds.
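As an added illustration of what KEV-driven patch management looks like in practice (this is example code, not part of the article or any CISA tooling), the script below cross-references an asset inventory against KEV records and ranks the results by CISA's remediation due date, with entries tied to known ransomware campaigns first. The KEV feed is published by CISA as JSON at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; the records here are a constructed offline sample that follows that schema, and the CVE identifiers, vendor names, and hostnames are placeholders, not real values.

```python
"""Cross-reference an asset inventory against CISA's Known Exploited
Vulnerabilities (KEV) catalog to prioritise patching.

Added example; not code from the article. KEV_SAMPLE is a constructed,
offline stand-in shaped like the real KEV JSON feed; the CVE IDs are
placeholders, not real CVEs.
"""
from collections import defaultdict
from datetime import date

# Constructed sample in the shape of the KEV JSON feed (placeholder CVE IDs).
KEV_SAMPLE = {
    "vulnerabilities": [
        {
            "cveID": "CVE-1900-0001",
            "vendorProject": "ExampleVendor",
            "product": "Edge Gateway",
            "dateAdded": "2025-11-01",
            "dueDate": "2025-11-22",
            "knownRansomwareCampaignUse": "Known",
        },
        {
            "cveID": "CVE-1900-0002",
            "vendorProject": "ExampleVendor",
            "product": "Edge Gateway",
            "dateAdded": "2026-01-20",
            "dueDate": "2026-02-10",
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-1900-0003",
            "vendorProject": "OtherVendor",
            "product": "Mail Server",
            "dateAdded": "2025-12-25",
            "dueDate": "2026-01-15",
            "knownRansomwareCampaignUse": "Unknown",
        },
    ]
}

# Constructed asset inventory, as a CMDB export might list it (note the
# inconsistent casing and whitespace, which real exports routinely contain).
INVENTORY = [
    {"host": "gw-01", "vendor": "examplevendor", "product": "Edge Gateway "},
    {"host": "mail-01", "vendor": "OtherVendor", "product": "mail server"},
    {"host": "db-01", "vendor": "ThirdVendor", "product": "Database"},
]


def _key(vendor: str, product: str) -> tuple:
    """Normalise vendor/product so CMDB spelling differences still match."""
    return vendor.strip().lower(), product.strip().lower()


def build_kev_index(kev: dict) -> dict:
    """Index KEV records by (vendor, product) for one lookup per asset."""
    index = defaultdict(list)
    for rec in kev["vulnerabilities"]:
        index[_key(rec["vendorProject"], rec["product"])].append(rec)
    return index


def match_inventory(kev: dict, inventory: list, today_iso: str) -> list:
    """Return one finding per (asset, KEV entry) pair, most urgent first.

    Ordering: entries with known ransomware campaign use first, then by the
    CISA remediation due date (overdue items have a negative days_to_due).
    """
    today = date.fromisoformat(today_iso)
    index = build_kev_index(kev)
    findings = []
    for asset in inventory:
        for rec in index.get(_key(asset["vendor"], asset["product"]), []):
            due = date.fromisoformat(rec["dueDate"])
            findings.append({
                "host": asset["host"],
                "cveID": rec["cveID"],
                "ransomware": rec.get("knownRansomwareCampaignUse") == "Known",
                "days_to_due": (due - today).days,
                "overdue": today > due,
            })
    return sorted(findings, key=lambda f: (not f["ransomware"], f["days_to_due"]))


def overdue_count(findings: list) -> int:
    """Number of findings already past CISA's due date (the headline metric)."""
    return sum(1 for f in findings if f["overdue"])


if __name__ == "__main__":
    # Run "as of" the article's next expiration date.
    report = match_inventory(KEV_SAMPLE, INVENTORY, "2026-01-30")
    for f in report:
        flag = "RANSOMWARE" if f["ransomware"] else "          "
        print(f"{flag} {f['host']:<8} {f['cveID']:<14} due in {f['days_to_due']:>4} days")
    print(f"{overdue_count(report)} of {len(report)} findings overdue")
```

Pointing the script at a downloaded copy of the live feed instead of `KEV_SAMPLE` is a matter of `json.load`; the useful part is the ranking, which turns the catalog into a patch order that does not depend on any external feed's liability status.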

Prepare Legal Contingencies

Work with counsel to document information-sharing agreements, validate contractual protections around shared data, and establish liability frameworks that survive statutory uncertainty. Ensure private-to-private sharing agreements include robust antitrust safeguards.

Engage Legislatively

CISOs should encourage their organizations to support permanent reauthorization of CISA 2015. The bipartisan House Homeland Security Committee proposal for a 10-year extension, coupled with Senate support, represents an achievable legislative solution that would eliminate the recurring uncertainty.

The federal government has invested $3 billion in CISA to protect American cybersecurity. Private enterprises depend on legal certainty to share the threat intelligence that makes federal investment effective. Congress has shown it will extend CISA 2015 when forced to act urgently. The question now is whether lawmakers will provide permanent certainty before Jan. 30, 2026—or whether CISOs will once again face legal paralysis and reduced collaborative capability.

The answer determines whether America's cybersecurity infrastructure operates at full capability or reduced effectiveness. 

"As head of security at a small company where acquiring budget for threat feeds is already a challenge, we've come to rely on the network effect that CISA provides. Threat-sharing networks were slow and of variable quality, even with the protections in place. Without them, smaller organizations like ours are left with little help," explained Storms.

George V. Hulme

George V. Hulme is an award-winning journalist and internationally recognized information security and business technology writer. He has covered business, technology, and IT security topics for more than 20 years. His work has appeared in CSOOnline, ComputerWorld, InformationWeek, Security Boulevard, and dozens of other technology publications. He is also a founding editor at DevOps.com.
