Is this email difficult to read? View it in a web browser. ›
The Wall Street Journal ProThe Wall Street Journal Pro

CybersecurityCybersecurity

Sponsored by Zscaler logo.

Federal Cyber-Intelligence Sharing Act Expires

By Angus Loten
 

Good day. The 2015 Cybersecurity Information Sharing Act expired Wednesday after weeks of partisan gridlock and amid a broader federal government shutdown. The decade-old legislation sought to encourage private-sector organizations to share intelligence on new attack vectors with the Department of Homeland Security, chiefly the Cybersecurity and Infrastructure Security Agency.

Among other measures, the act set guardrails aimed at shielding companies from antitrust and liability charges. Now, without legal protections, private-sector companies are more likely to withhold critical attack information, leaving potential vulnerabilities exposed. By losing a core strategy meant to prevent Chinese, Russian and other state-sponsored hackers from borrowing deeper into U.S. infrastructure, the federal government has created a dangerous gap in the nation’s cyber defenses, cybersecurity experts say.

Sunsetting the act will “slow the government’s ability to connect the dots, attribute attacks and warn others before new threats spread,” says Cynthia Kaiser, senior vice president of cybersecurity firm Halcyon’s Ransomware Research Center and former deputy director of the Federal Bureau of Investigation’s cyber division.

What do you think of letting the Cybersecurity Information Sharing Act expire? Let me know at angus.loten@wsj.com or reply to this email. Thanks. 

Also today:

  • Center for Internet Security funding lapses
  • Google fixes Gemini AI flaws
  • Tractor Supply hit with $1.35 million privacy fine
 

‏‏‎ ‎
CONTENT FROM: ZSCALER
CXOs: Stop Ransomware with Zero Trust + AI

Ransomware attacks are evolving, but your defenses can keep you one step ahead. Zero Trust and AI empower you to detect, neutralize, and prevent threats before they disrupt your business. Learn how leading CXOs are leveraging this proven approach to stay secure and resilient.

Secure Your Business Now

 

Government & Regulation

PHOTO: AP

CISA Pulls Funding for State Cyber Service. The U.S. Cybersecurity and Infrastructure Security Agency announced that it will not renew its agreement with the nonprofit Center for Internet Security, which expired yesterday. The pact with CIS, which provides funding for the Multi-State Information Sharing and Analysis Center, will instead be replaced with grants, direct relationships with CISA advisors, and a suite of free tools and professional services, the agency said. (WSJ)
 
 

Cyberattacks

PHOTO: ANDY RAIN/EPA/Shutterstock

Reporter Offered Ransomware Job To Hack BBC. Criminals reportedly approached a BBC reporter via encrypted chat, offering a cut of the ransom in exchange for system access. The gang aimed to use those credentials to deploy ransomware and extort the broadcaster. (BBC)

DeKalb County Government Systems Hit by Cyberattack. Multiple systems across DeKalb County, Ind., government departments were disrupted in a cyberattack first detected on Sept. 25, though 911 and public safety services remained unaffected. Officials say no resident data has yet been confirmed compromised and that they are working with external cybersecurity firms to restore operations. (WOWO)

Google Fixes Gemini AI Flaws That Enabled Attacks. Google patched vulnerabilities in its Gemini assistant that allowed attackers to inject malicious prompts into logs, tricking the AI into executing unintended actions. The flaws, found by researchers at Tenable, required minimal social engineering. (SecurityWeek)
 

Tech Live: Where Tech’s Biggest Headlines Are Discussed

WSJ Tech Live is The Wall Street Journal’s premier technology event series. Over three days, our journalists will sit down with top executives, founders and policymakers to explore the most pressing topics of today. It all takes place across two global destinations for innovation and investment: California and Qatar.

Register your interest to be part of this unique live journalism experience and receive access to exclusive discounted rates on your pass.
 

Privacy

PHOTO: Paul Weaver/Zuma Press

Tractor Supply Hit With $1.35 Million Privacy Fine Under CCPA. The California Privacy Protection Agency fined Tractor Supply $1.35 million for multiple privacy failures, including a lack of opt-out options, missing privacy notices and unapproved data-sharing. Tractor Supply also agreed to appoint a compliance officer and overhaul privacy practices. (The Record)
 

About Us

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten, James Rundle and Catherine Stupp. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.

 
Share this email with a friend.
Forward ›
Forwarded this email by a friend?
Sign Up Here ›
 
Desktop, tablet and mobile. Desktop, tablet and mobile.
Access WSJ‌.com and our mobile apps. Subscribe
Apple app store icon. Google app store icon.
Unsubscribe   |    Newsletters & Alerts   |    Contact Us   |    Privacy Notice   |    Cookie Notice
Dow Jones & Company, Inc. 4300 U.S. Ro‌ute 1 No‌rth Monm‌outh Junc‌tion, N‌J 088‌52
You are currently subscribed as [email address suppressed]. For further assistance, please contact Customer Service at pro‌newsletter@dowjones.com or 1-87‌7-975-6246.
Copyright 2025 Dow Jones & Company, Inc.   |   All Rights Reserved.
Unsubscribe