Tasked national cyber chief confronts a burgeoning agenda

Tasked national cyber chief confronts a burgeoning agenda

The Cybersecurity Information Sharing Act of 2015 (CISA 2015) is scheduled to sunset on September 30, 2025, and Congress faces a fast-approaching deadline to renew it. The reauthorization is critical to maintain liability protections and encourage timely information sharing between the private sector and government to strengthen national cybersecurity.

In early August 2025, Sean Cairncross was confirmed by the Senate as the new National Cyber Director. His role is expected to be pivotal in coordinating national cybersecurity efforts, which includes supporting the reauthorization process of CISA 2015.

As the new National Cyber Director, Cairncross will be responsible for serving as the President's principal cybersecurity advisor and for coordinating cyber policy across government. One of his top tasks will be effectively organizing and leading the government's public-private collaboration, a key aspect of CISA 2015.

The Office of the National Cyber Director (ONCD) is a relatively new organization within the federal government that needs to grow its influence on the rest of the government. Under the Biden administration, ONCD led cross-government initiatives such as regulatory harmonization, a priority that AJ Grotto, former senior White House director for cybersecurity policy, suggested should continue to be a priority for Cairncross.

Cairncross has expressed support for the reauthorization of cybersecurity grants and information-sharing laws, signaling alignment with the broader federal push to improve cybersecurity infrastructure and capabilities. He is expected to play a key role in championing the reauthorization of CISA 2015, facilitating communication between government agencies and private sector partners and helping shape policy priorities.

Recognizing that perfect harmonization of cyber regulations is not possible due to different sectors having different needs, different requirements, and different risk profiles, the greater the harmonization, the better. The effort to ensure that the most systemically critical assets are identified and prioritized for support may require updating a national security memorandum on critical infrastructure security signed by former President Joe Biden last year.

Multiple experts have pointed to the need for the Office of the National Cyber Director to prioritize public-private collaboration supporting the mission of the Sector Risk Management Agencies (SRMAs). The Treasury Department is the SRMA for the financial sector, and its collaboration with the private sector is crucial in protecting the nation's critical infrastructure from cyber threats.

Deep concerns about China-linked hacks of U.S. critical infrastructure, including "Salt Typhoon" and "Volt Typhoon," underscore the urgency of the situation. The federal cyber workforce, such as the Cybersecurity and Infrastructure Security Agency, has faced cuts amid broader reorganizations under previous administrations, further emphasizing the need for robust cybersecurity legislation like CISA 2015.

In summary, the reauthorization of CISA 2015 is urgent with a September 30 deadline. The new National Cyber Director, Sean Cairncross, confirmed in August 2025, is expected to play a key coordinating and advocacy role in the process, supporting both continuation and potential improvements in cybersecurity information sharing frameworks. The ONCD needs to prioritize public-private collaboration to effectively protect the nation's critical infrastructure from cyber threats.

1. The reauthorization of CISA 2015 is crucial for maintaining liability protections and encouraging timely information sharing between the private sector and government, thus strengthening national cybersecurity.
2. As the new National Cyber Director, Sean Cairncross is tasked with coordinating national cybersecurity efforts, including supporting the reauthorization process of CISA 2015, serving as the President's principal cybersecurity advisor, and organizing the government's public-private collaboration.
3. The Office of the National Cyber Director (ONCD) needs to prioritize public-private collaboration to protect the nation's critical infrastructure, particularly with the Sector Risk Management Agencies (SRMAs), such as the Treasury Department, given the increasing threats from cyber attacks like "Salt Typhoon" and "Volt Typhoon."

Read also: