Key Cyber Law Expires Amid Shutdown: Implications of the CISA 2015 Lapse
As the U.S. marks Cybersecurity Awareness Month, a critical pillar of the nation’s digital defense has expired. On September 30th, Congress failed to pass a continuing resolution, furloughing many federal cybersecurity staff and allowing the Cybersecurity Information Sharing Act (CISA) of 2015 to lapse as cyber threats are reaching unprecedented levels. The Cybersecurity and Infrastructure Security Agency, which spearheaded much of the law’s implementation, has also furloughed nearly two-thirds of its workforce.
This lapse creates legal uncertainty, disrupts threat information sharing between government and industry and increases national exposure to cyberattacks. While a short-term extension was included in the House funding bill, broader reauthorization remains stalled as the federal government remains shutdown. Lawmakers and industry leaders have expressed not only the desire to renew the law, but also its necessity to maintain cybersecurity posture.
What is CISA 2015?
CISA 2015 was a pivotal federal law designed to enhance national cybersecurity by facilitating the exchange of real-time cyber threat information sharing between the private sector and the federal government. Its key features included:
- Clear definitions and privacy guidelines that establish what data could be shared and how it would be protected.
- A centralized information hub to streamline data exchange and analysis.
- Liability protections and antitrust exemptions to encourage private companies to share critical threat information without fear of legal repercussions.
These provisions enabled companies to legally monitor their networks, take defensive actions, and share threat intelligence with federal partners to improve response to cyber attacks and strengthen cybersecurity posture. Over the past decade, this framework fueled the rapid expansion of Information Sharing and Analysis Centers (ISACs) across critical sectors like energy, finance and healthcare. These ISACs have become an essential part of early warnings, coordinated responses and rapid patching against evolving cyber threats.
What happens now?
With the law expired, both public and private cybersecurity operations are entering uncertain terrain. Companies no longer have guaranteed legal protection when sharing cyber threat data with the federal government. Many legal teams are likely to slow or pause information exchanges, subjecting each case to additional review. This creates bottlenecks that can delay critical alerts and limit visibility into national threat activity.
On the government side, furloughs have sidelined analysts who typically aggregate, correlate and act on threat intelligence. State and local governments may attempt to fill some gaps, but few have the infrastructure or capacity to match federal capabilities. The result could be delayed alerts, slower security patching and longer exposure windows for critical infrastructure, which are precisely the vulnerabilities adversaries are eager to exploit.
For technology companies, this environment demands heightened vigilance. Vendors and partners supporting federal and critical infrastructure clients will need to double down on continuous monitoring, threat hunting, and risk management, recognizing that federal support may be temporarily limited. Technology companies can strengthen automated monitoring and incident response capabilities to fill potential gaps in coordination and offer value-added threat intelligence services to customers who may be seeking supplemental support during the lapse.
Opportunities for Change
While this lapse poses real risks, it also presents an opportunity to modernize the CISA 2015 framework for the rapidly evolving threat landscape. Congress and federal agencies can use this time to consider:
- Updating the definitions and scope to reflect emerging threats such as AI-driven attacks, cloud-native architectures and complex supply chains.
- Shift from reactive to more predictive information sharing, using advanced analytics and automation to detect patterns earlier and deliver more contextualized threat intelligence.
- Align with cybersecurity maturity frameworks, such as the Cybersecurity Maturity Model Certification (CMMC), to make baseline cyber hygiene a standard across the federal supply chain.
Modern cyber threats are faster, more sophisticated and more frequent. A reauthorized and updated cyber threat information sharing framework could become the backbone of a next-generation public–private cyber defense ecosystem, that is better equipped and capable of moving at the speed of modern attacks.
The lapse of CISA 2015 is a critical stress test for the nation’s cyber defense posture. The longer the gap persists, the more risk accumulates, but Congress now has an opportunity to modernize and strengthen the framework to emerge with a more resilient and future-ready cybersecurity ecosystem. During this time of flux, vendors and partners should reassess information-sharing practices and legal protections to ensure compliance and risk mitigation. Be sure to engage proactively with policymakers and industry groups to be thought leaders in helping shape cybersecurity modernization efforts and advocate for standards that align with operational realities.
To get more TD SYNNEX Public Sector Market Insight content, please visit our Market Intelligence microsite.
About the Author:
Nikki Hamlin is a senior analyst on the TD SYNNEX Public Sector Market Intelligence team covering trends across the federal market. Nikki has more than 8 years of experience in federal procurement research and analysis, providing critical insights to support businesses in making informed decisions across civilian and defense agencies.
Related Blog Posts
Market Intelligence, Technology
The Space Systems Command (SSC) Front Door is now the go-to portal for businesses looking to work with the US Space Force. As the Space Force budget is requested as high as $39 billion, including all FY26 requests and reconciliation funding, IT companies have a bigger role to play than ever.
Toan Le
Market Intelligence, Technology
The Space Systems Command (SSC) Front Door is now the go-to portal for businesses looking to work with the US Space Force. As the Space Force budget is requested as high as $39 billion, including all FY26 requests and reconciliation funding, IT companies have a bigger role to play than ever.
Toan Le
Cybersecurity, Federal Government, Market Intelligence, Technology
The United States is facing a significant cybersecurity workforce shortage, with NIST identifying over 500,000 open cyber positions and estimating there are 74 workers for every 100 cyber jobs. This shortage threatens both the nation’s private sector security profile and federal agencies struggling to compete for cybersecurity professionals. As such, the government is working to support cyber education in the United States. In the meantime, departments will also likely need to implement cyber solutions that can aid in accommodating for the workforce shortfall.
Gabriel Zighelboim
Cybersecurity, Federal Government, Market Intelligence, Technology
The United States is facing a significant cybersecurity workforce shortage, with NIST identifying over 500,000 open cyber positions and estimating there are 74 workers for every 100 cyber jobs. This shortage threatens both the nation’s private sector security profile and federal agencies struggling to compete for cybersecurity professionals. As such, the government is working to support cyber education in the United States. In the meantime, departments will also likely need to implement cyber solutions that can aid in accommodating for the workforce shortfall.
Gabriel Zighelboim
Cybersecurity, Federal Government, Market Intelligence, Technology
The United States is facing a significant cybersecurity workforce shortage, with NIST identifying over 500,000 open cyber positions and estimating there are 74 workers for every 100 cyber jobs. This shortage threatens both the nation’s private sector security profile and federal agencies struggling to compete for cybersecurity professionals. As such, the government is working to support cyber education in the United States. In the meantime, departments will also likely need to implement cyber solutions that can aid in accommodating for the workforce shortfall.
Gabriel Zighelboim
Cybersecurity, Federal Government, Market Intelligence, Technology
The United States is facing a significant cybersecurity workforce shortage, with NIST identifying over 500,000 open cyber positions and estimating there are 74 workers for every 100 cyber jobs. This shortage threatens both the nation’s private sector security profile and federal agencies struggling to compete for cybersecurity professionals. As such, the government is working to support cyber education in the United States. In the meantime, departments will also likely need to implement cyber solutions that can aid in accommodating for the workforce shortfall.
Gabriel Zighelboim
Federal Government, Market Intelligence, Technology
In 2018, the federal government started implementation of Trusted Workforce 2.0, a whole-of-government approach to establish a single employee vetting system for the US government which promises increased security and reduced background check times.
Gabriel Zighelboim
Federal Government, Market Intelligence, Technology
In 2018, the federal government started implementation of Trusted Workforce 2.0, a whole-of-government approach to establish a single employee vetting system for the US government which promises increased security and reduced background check times.
Gabriel Zighelboim
Federal Government, Market Intelligence, Technology
In 2018, the federal government started implementation of Trusted Workforce 2.0, a whole-of-government approach to establish a single employee vetting system for the US government which promises increased security and reduced background check times.
Gabriel Zighelboim
Cybersecurity, Market Intelligence
October is Cybersecurity Awareness Month. 2025 has been a year sprinkled with updates to security needs across federal agencies, with new rules and enforcement attempting to reshape how IT vendors and partners engage with the government. Here’s the most prominent Need to Know topics and insights across the space, starting with CMMC.CMMC 2.0The Department of Defense is set to begin enforcing the Cybersecurity Maturity Model Certification (CMMC) regulations on November 10, 2025.
Susanna Patten
Cybersecurity, Market Intelligence
October is Cybersecurity Awareness Month. 2025 has been a year sprinkled with updates to security needs across federal agencies, with new rules and enforcement attempting to reshape how IT vendors and partners engage with the government. Here’s the most prominent Need to Know topics and insights across the space, starting with CMMC.CMMC 2.0The Department of Defense is set to begin enforcing the Cybersecurity Maturity Model Certification (CMMC) regulations on November 10, 2025.
Susanna Patten
Federal Fiscal Year End, Federal Government, Market Intelligence, Technology
At this point, anyone keenly watching the budget process every year can tell you the likelihood of a continuing resolution (CR) being passed as opposed to a new budget by Oct 1st is all but guaranteed. CRs act as a temporary stopgap designed to avoid a government shutdown. However, it also locks funding to the previous fiscal year’s level and prevents new projects from getting started. Projects then remain under operations and maintenance until a new budget, with new requirements, is passed.
Susanna Patten
Federal Fiscal Year End, Federal Government, Market Intelligence, Technology
At this point, anyone keenly watching the budget process every year can tell you the likelihood of a continuing resolution (CR) being passed as opposed to a new budget by Oct 1st is all but guaranteed. CRs act as a temporary stopgap designed to avoid a government shutdown. However, it also locks funding to the previous fiscal year’s level and prevents new projects from getting started. Projects then remain under operations and maintenance until a new budget, with new requirements, is passed.
Susanna Patten
Federal Fiscal Year End, Federal Government, Market Intelligence, Technology
At this point, anyone keenly watching the budget process every year can tell you the likelihood of a continuing resolution (CR) being passed as opposed to a new budget by Oct 1st is all but guaranteed. CRs act as a temporary stopgap designed to avoid a government shutdown. However, it also locks funding to the previous fiscal year’s level and prevents new projects from getting started. Projects then remain under operations and maintenance until a new budget, with new requirements, is passed.
Susanna Patten
AI, Federal Government, IT Perspective, Market Intelligence, News, State & Local Government, Technology
The One Big Beautiful Bill Act (OBBA), enacted on July 4, 2025, is a significant piece of legislation outlining President Trump's executive agenda and guiding future U.S. tax and spending policies.
Yvonne Maffia
AI, Federal Government, IT Perspective, Market Intelligence, News, State & Local Government, Technology
The One Big Beautiful Bill Act (OBBA), enacted on July 4, 2025, is a significant piece of legislation outlining President Trump's executive agenda and guiding future U.S. tax and spending policies.
Yvonne Maffia
AI, Federal Government, IT Perspective, Market Intelligence, News, State & Local Government, Technology
The One Big Beautiful Bill Act (OBBA), enacted on July 4, 2025, is a significant piece of legislation outlining President Trump's executive agenda and guiding future U.S. tax and spending policies.
Yvonne Maffia
AI, Market Intelligence, State & Local Government, Technology
On July 23, 2025, the Trump administration released an AI Action Plan, highlighting 90 federal policy directives across three key pillars: Accelerating Innovation, Building American AI Infrastructure and Leading in International Diplomacy and Security. The Plan also supports the tenants of the President’s earlier January 23, 2025, Executive Order 14179, “Removing Barriers to American Leadership in Artificial Intelligence.”
Yvonne Maffia
AI, Market Intelligence, State & Local Government, Technology
On July 23, 2025, the Trump administration released an AI Action Plan, highlighting 90 federal policy directives across three key pillars: Accelerating Innovation, Building American AI Infrastructure and Leading in International Diplomacy and Security. The Plan also supports the tenants of the President’s earlier January 23, 2025, Executive Order 14179, “Removing Barriers to American Leadership in Artificial Intelligence.”
Yvonne Maffia
AI, Cloud, Federal Government, Market Intelligence, Technology, Zero Trust
In August, the Department of the Air Force (DAF) held the annual Department of the Air Force IT Conference (DAFITC) in Montgomery, Alabama. They brought together leading voices from the U.S. Air Force, U.S. Space Force, industry and academia centered on the theme “Lethality, Readiness and Efficiency.” The event spotlighted how modern IT infrastructure, cybersecurity, data and workforce development are all coming together to shape a more agile, secure and mission-ready force.
Nikki Hamlin
AI, Cloud, Federal Government, Market Intelligence, Technology, Zero Trust
In August, the Department of the Air Force (DAF) held the annual Department of the Air Force IT Conference (DAFITC) in Montgomery, Alabama. They brought together leading voices from the U.S. Air Force, U.S. Space Force, industry and academia centered on the theme “Lethality, Readiness and Efficiency.” The event spotlighted how modern IT infrastructure, cybersecurity, data and workforce development are all coming together to shape a more agile, secure and mission-ready force.
Nikki Hamlin
AI, Cloud, Federal Government, Market Intelligence, Technology, Zero Trust
In August, the Department of the Air Force (DAF) held the annual Department of the Air Force IT Conference (DAFITC) in Montgomery, Alabama. They brought together leading voices from the U.S. Air Force, U.S. Space Force, industry and academia centered on the theme “Lethality, Readiness and Efficiency.” The event spotlighted how modern IT infrastructure, cybersecurity, data and workforce development are all coming together to shape a more agile, secure and mission-ready force.
Nikki Hamlin
Federal Government, Market Intelligence, Technology
The Department of Defense (DoD) Defense Innovation Unit (DIU) recently introduced the Digital OnRamp Platform, designed to connect private sector organizations with DoD opportunities. It’s scheduled for release in the fall of 2025, and leverages advanced AI and large language model (LLM) technologies to simplify and enhance the process of matching private sector capabilities with defense needs
Toan Le
Federal Government, Market Intelligence, Technology
The Department of Defense (DoD) Defense Innovation Unit (DIU) recently introduced the Digital OnRamp Platform, designed to connect private sector organizations with DoD opportunities. It’s scheduled for release in the fall of 2025, and leverages advanced AI and large language model (LLM) technologies to simplify and enhance the process of matching private sector capabilities with defense needs
Toan Le
Federal Government, Market Intelligence, Technology
The Department of Defense (DoD) Defense Innovation Unit (DIU) recently introduced the Digital OnRamp Platform, designed to connect private sector organizations with DoD opportunities. It’s scheduled for release in the fall of 2025, and leverages advanced AI and large language model (LLM) technologies to simplify and enhance the process of matching private sector capabilities with defense needs
Toan Le
Cybersecurity, Federal Government, Market Intelligence, Technology
The DoD is rolling out aggressive updates to its supply chain cybersecurity framework. If you sell software, services or infrastructure into the Defense Industrial Base (DIB), expect tighter requirements, faster timelines and zero tolerance for compliance gaps. These changes affect your ability to win and keep DoD contracts—especially with new programs like:
Toan Le
Cybersecurity, Federal Government, Market Intelligence, Technology
The DoD is rolling out aggressive updates to its supply chain cybersecurity framework. If you sell software, services or infrastructure into the Defense Industrial Base (DIB), expect tighter requirements, faster timelines and zero tolerance for compliance gaps. These changes affect your ability to win and keep DoD contracts—especially with new programs like:
Toan Le
Cybersecurity, Federal Government, Market Intelligence, Technology
The DoD is rolling out aggressive updates to its supply chain cybersecurity framework. If you sell software, services or infrastructure into the Defense Industrial Base (DIB), expect tighter requirements, faster timelines and zero tolerance for compliance gaps. These changes affect your ability to win and keep DoD contracts—especially with new programs like:
Toan Le
Cybersecurity, Federal Government, Market Intelligence, Technology
The DoD is rolling out aggressive updates to its supply chain cybersecurity framework. If you sell software, services or infrastructure into the Defense Industrial Base (DIB), expect tighter requirements, faster timelines and zero tolerance for compliance gaps. These changes affect your ability to win and keep DoD contracts—especially with new programs like:
Toan Le
Federal Fiscal Year End, Market Intelligence
As we enter the final stretch of the federal fiscal year, IT vendors and resellers should prepare for a busy final quarter. Federal agencies are working against the clock to obligate FY25 funds—especially those made available only after Congress passed a continuing resolution (CR) in March. At DLT, we’ve analyzed the landscape to help our vendors and partners navigate this critical period with precision.
Susanna Patten
Federal Government, Market Intelligence, Technology
The Department of Veterans Affairs’ (VA) Office of Inspector General (OIG) released a report on July 1, 2025 announcing it found VA procured IT systems which failed to comply with legally-required accessibility standards. Specifically, of the 30 “bedrock and critical” IT systems audited by OIG as part of its report, the inspector general found only four systems that complied with Section 508 of the Rehabilitation Act.
Gabriel Zighelboim
Federal Government, Market Intelligence, Technology
The Department of Veterans Affairs’ (VA) Office of Inspector General (OIG) released a report on July 1, 2025 announcing it found VA procured IT systems which failed to comply with legally-required accessibility standards. Specifically, of the 30 “bedrock and critical” IT systems audited by OIG as part of its report, the inspector general found only four systems that complied with Section 508 of the Rehabilitation Act.
Gabriel Zighelboim
Federal Government, Market Intelligence, Technology
The Department of Veterans Affairs’ (VA) Office of Inspector General (OIG) released a report on July 1, 2025 announcing it found VA procured IT systems which failed to comply with legally-required accessibility standards. Specifically, of the 30 “bedrock and critical” IT systems audited by OIG as part of its report, the inspector general found only four systems that complied with Section 508 of the Rehabilitation Act.
Gabriel Zighelboim
Market Intelligence
Since the Department of Veterans Affairs (VA) launched its most recent attempt to modernize its electronic health record (EHR) system in 2020, the initiative has been plagued with numerous setbacks and budget overruns. Given the issues faced, lawmakers recently introduced a new discussion draft of legislation that would increase oversight of the VA’s efforts.
Gabriel Zighelboim
AI, Cybersecurity, Federal Government, Market Intelligence
In early June, President Trump released an Executive Order designed to modify sections of Orders 13694 and 14144 previously released by former administrations and “strengthen the nation’s cybersecurity by focusing on critical protections against foreign cyber threats and enhancing secure technology practices.” We’ll look at the latest provisions and implications therein specifically to software, quantum and AI development.
Susanna Patten
AI, Cybersecurity, Federal Government, Market Intelligence
In early June, President Trump released an Executive Order designed to modify sections of Orders 13694 and 14144 previously released by former administrations and “strengthen the nation’s cybersecurity by focusing on critical protections against foreign cyber threats and enhancing secure technology practices.” We’ll look at the latest provisions and implications therein specifically to software, quantum and AI development.
Susanna Patten
AI, Cybersecurity, Federal Government, Market Intelligence
In early June, President Trump released an Executive Order designed to modify sections of Orders 13694 and 14144 previously released by former administrations and “strengthen the nation’s cybersecurity by focusing on critical protections against foreign cyber threats and enhancing secure technology practices.” We’ll look at the latest provisions and implications therein specifically to software, quantum and AI development.
Susanna Patten
AI, Cybersecurity, Data, Federal Government, Market Intelligence
The Samosa Act, a bipartisan piece of legislation which passed the House in December 2024, has been reintroduced in the senate after advancing through the Senate Homeland Security and Governmental Affairs Committee in May 2023 but failing to reach the Senate floor for a final vote.
Yvonne Maffia
AI, Cybersecurity, Data, Federal Government, Market Intelligence
The Samosa Act, a bipartisan piece of legislation which passed the House in December 2024, has been reintroduced in the senate after advancing through the Senate Homeland Security and Governmental Affairs Committee in May 2023 but failing to reach the Senate floor for a final vote.
Yvonne Maffia
AI, Cybersecurity, Data, Federal Government, Market Intelligence
The Samosa Act, a bipartisan piece of legislation which passed the House in December 2024, has been reintroduced in the senate after advancing through the Senate Homeland Security and Governmental Affairs Committee in May 2023 but failing to reach the Senate floor for a final vote.
Yvonne Maffia
AI, Cybersecurity, Data, Market Intelligence
The 2025 fiscal year-end is right around the corner for 46 states, which means that it’s time to take advantage of those end-of-year opportunities before they are gone. SLED decision-makers are already looking ahead to next year’s budget process and are working to identify the most pressing technology policy and priority areas that will shape future downstream requirements.
Yvonne Maffia
AI, Cybersecurity, Data, Market Intelligence
The 2025 fiscal year-end is right around the corner for 46 states, which means that it’s time to take advantage of those end-of-year opportunities before they are gone. SLED decision-makers are already looking ahead to next year’s budget process and are working to identify the most pressing technology policy and priority areas that will shape future downstream requirements.
Yvonne Maffia
AI, Cloud, Market Intelligence
There have been big changes to federal technology acquisition in the initial months of the Trump administration to streamline procurement and increase competition. In line with these efforts, a bipartisan group of lawmakers, including Senators Elizabeth Warren and Eric Schmitt, introduced a bill to combat market concentration for artificial intelligence (AI) and cloud capabilities in the Department of Defense (DOD).
Nikki Hamlin
Federal Government, Market Intelligence, Technology
In the administration’s first 100 days in office, multiple executive orders (EO) were signed to update federal procurement. Several initiatives released across the federal market include the OneGov Strategy, procurement consolidation and the Army Transformation Initiative.
Nikki Hamlin
Federal Government, Market Intelligence, Technology
In the administration’s first 100 days in office, multiple executive orders (EO) were signed to update federal procurement. Several initiatives released across the federal market include the OneGov Strategy, procurement consolidation and the Army Transformation Initiative.
Nikki Hamlin
Federal Government, Market Intelligence, Technology
In the administration’s first 100 days in office, multiple executive orders (EO) were signed to update federal procurement. Several initiatives released across the federal market include the OneGov Strategy, procurement consolidation and the Army Transformation Initiative.
Nikki Hamlin
Market Intelligence, Member Spotlight
While some people may view curiosity as a personality trait, Susanna Patten sees it as an important strategic asset. In her role as Senior Manager, Market Intelligence at TD SYNNEX Public Sector, she goes beyond analyzing numbers; she uncovers the narrative behind them. By approaching data with a storytelling mindset, she is able to turn information into insight, and insight into impact.
Julie Morris
Federal Government, Market Intelligence, Technology
On Thursday April 30th, Defense Secretary Pete Hegseth released a memo for the U.S. Army to undergo a “comprehensive transformation”.
Nikki Hamlin
Federal Government, Market Intelligence, Technology
On Thursday April 30th, Defense Secretary Pete Hegseth released a memo for the U.S. Army to undergo a “comprehensive transformation”.
Nikki Hamlin
Federal Government, Market Intelligence, Technology
On Thursday April 30th, Defense Secretary Pete Hegseth released a memo for the U.S. Army to undergo a “comprehensive transformation”.
Nikki Hamlin