GAO-25-108509 [1] (2025-07-10)

The Big Picture


Malicious cyberattacks on the federal government
and the nation's critical infrastructures, such as
electricity and healthcare, are growing in number,
impact, and sophistication and have led to significant
disruptions.


Ransomware attacks on the Healthcare and Public Health
sector have led to:
Inability to provide


Sources: GAO analysis of publicly reported incident information; GAO (sign); elenabsi/stock.adobe.com (images); arct poch/stock.adobe.com (hospital); motorama/stock.adobe.com (icons). | GAO-25-108509

The Cybersecurity Information Sharing Act of 2015,
which sunsets on September 30, 2025, encourages
the sharing of (1) cyber threat indicators that
provide information on malicious attempts to
compromise a system and (2) defensive measures
taken against cyber threats. Sharing such
information can enhance federal and nonfederal
awareness of the extent and type of current cyber
threats and attacks, and mitigation techniques to
minimize their impact. The act also requires
agencies to protect privacy and civil liberties by
removing personally identifiable information from
shared cyber threat indicators.


In this Snapshot, we highlight the actions of seven
agencies designated to implement the act: the
Departments of Homeland Security, Justice,
Defense, Commerce, Energy, and the Treasury; and
the Office of the Director of National Intelligence.

What GAO's Work Shows

We have reported on broad cyber threat information
sharing activities, including efforts to implement the
act. The Office of the Inspector General of the
Intelligence Community (ICIG) has also compiled
reports from each agency's inspector general
showing the extent to which agencies have
implemented the act.

Agencies Met the Act's Requirements for Sharing
Threat Information and Removing Personally
Identifiable Information

In 2023, we reported that all seven federal agencies
developed government-wide policies, procedures,
and guidelines to help federal and nonfederal entities
receive and share cybersecurity information, as
required by the act. We also reported in 2018 that all
seven agencies developed final guidelines related to
privacy and civil liberties that govern how threat
information is received, used, retained, and
distributed to protect personally identifiable
information.

The ICIG reported in 2023 that federal agencies met
the provisions of the act. For example, agencies:
(1) properly classified all shared information;
(2) disseminated, shared, and received threat
information and defensive measures in a timely and
adequate manner; (3) removed personally identifiable
information prior to sharing information; and
(4) identified barriers that have hindered sharing such
information.


GAO-25-108509 Implementation of CISA 2015
