Critical Update: What Security Leaders Need to Know Right Now About the Future of CISA and Threat Sharing

What Is CISA and Why Did Its Expiration Leave Cyber Defenses Exposed?
Dr. Aleksandr Yampolskiy, CEO and Co-Founder of SecurityScorecard, sat down with Mike Centrella, former Assistant Director of the U.S. Secret Service and Head of Public Policy at SecurityScorecard, to discuss the expiration of the Cybersecurity Information Sharing Act of 2015 (CISA 2015), the future of threat intelligence sharing, and how AI is accelerating cybercrime faster than defenders can react.
CISA 2015 provided the legal foundation for real-time, bidirectional threat intelligence sharing between government and private entities. When the law lapsed in late 2025, it left critical infrastructure sectors exposed.
“It just wasn’t a technical gap in the law. It created a real void in national cyber defense.” — Mike Centrella
“Without that clear liability protection, some companies are hesitant to report what they’re seeing,” he said. “It creates a real blindside across the ecosystem.”
Listen to the audio above, or watch the full webinar on-demand here.
What Does Real-Time Threat Sharing Look Like in Practice?
Centrella shared that real-time sharing allows a hospital detecting a phishing campaign, for example, to scrub and distribute indicators so others can block them proactively. This ecosystem relies on trust, speed, and legal protection. Without these elements, threat actors move faster than defenders can respond.
Centrella and Dr. Yampolskiy explained that the lapse caused immediate operational impacts. Cyber threat indicators shared across sectors dropped by approximately 70%. Utility companies reported slower response times to operational technology (OT) system probes. Healthcare saw a 12% increase in ransomware activity starting in October 2025.
How AI Accelerates Cyber Threats Faster Than Humans Can Respond
Centrella emphasized that attackers are already using AI to automate reconnaissance, probe networks continuously, and scale deepfake social engineering attacks. AI allows attackers to move faster than humans can respond.
“The bad actors are using AI and they have a head start on law enforcement. But I think that gap’s going to change very, very soon. And I think you’re going to see the government and private sector are going to catch up and eventually get ahead,” Centrella said.
He outlined what a modernized CISA must include:
- Support for real-time, automated data sharing
- Modernized liability protections that account for today’s privacy and sovereignty expectations
- AI-powered analytics to surface and contextualize threats in real time
- Strong language supporting secure cross-border collaboration
What Do Organized Cybercriminal Ecosystems Look Like in 2026?
Centrella noted that over the past decade, cybercriminals have professionalized into full-scale operations. These entities function more like corporations than lone hackers.
“A lot of people think these organized cybercrime groups are one guy behind a keyboard and engaging in attacks. These are corporations,” he said. “They have a CEO, they have a head of training, they have a head of fraud, they have full departments and they run like a business.”
He described how fraud has shifted. Attackers increasingly log in using stolen credentials or tokens. Business email compromise (BEC) and synthetic identity fraud rely on deep reconnaissance and patient infiltration.
Centrella shared an example from his time in the Secret Service, where a phishing attack in Pennsylvania led to months of quiet observation inside an accounting firm’s systems. Attackers attempted to divert hundreds of thousands of dollars through a BEC scheme. The only thing that stopped the loss was a second authentication step from a third-party vendor.
Why Speed Is the Deciding Factor in Fraud Prevention
Centrella highlighted that speed is critical to stopping fraud. “Reducing response time by even a minute can mean the difference between a blocked attempt and unrecoverable financial losses,” he said.
He underscored the importance of pre-established relationships with law enforcement. “If you’re shaking hands and introducing yourselves in the middle of a breach, that’s way too late.”
What’s Next for CISA and National Cyber Resilience?
As the January 30 deadline for CISA reauthorization approached, Centrella urged policymakers and private-sector leaders to act with urgency.
“Threat actors don’t wait for legislation,” Centrella said.
Dr. Yampolskiy closed the conversation with a reminder: “Cyber defense depends on coordination and visibility into the threats and risks. No company or agency can handle it alone. We need to come together as a community, both public and private sector, and collaborate to share threat information. That needs to be a part of how we defend by default.”
Strengthen Your Third-Party Risk Program Today
The collapse of threat-sharing frameworks exposes the cracks in global supply chains and third-party ecosystems. SecurityScorecard helps agencies and vendors detect risks early, communicate clearly, and respond faster. With over 30% of breaches originating from third-party vendors, it’s time to act.