Karl Schimmeck of Northern Trust Testifies Regarding Need for Reauthorization of the CISA Act on Behalf of SIFMA

Washington, D.C., May 15, 2025 – Today Karl Schimmeck, Executive Vice President and Chief Information Security Officer of Northern Trust, testified before the U.S. House of Representatives

Committee on Homeland Security’s Cybersecurity and Infrastructure Protection Subcommittee at a hearing entitled, “In Defense of Defensive Measures: Reauthorizing Cybersecurity Information Sharing Activities that Underpin U.S. National Cyber Defense.”  Schimmeck, who sits on SIFMA’s Cybersecurity Committee, provided an overview of why it is critical for Congress to reauthorize certain key provisions of the Cybersecurity Information Sharing Act (CISA) of 2015 which are set to expire.

“SIFMA and the financial services industry remain committed to strengthening the cybersecurity of our nation’s critical infrastructure. CISA 2015 has been a vital tool in building the trust, structure, and legal certainty needed for effective, real-time collaboration between the private sector and government,” Schimmeck said in his testimony today. “It has made our institutions more resilient, our responses more coordinated, and our defenses more adaptive. Allowing the Act to lapse would weaken one of the most constructive public-private partnerships in cybersecurity policy to date. We respectfully urge this Subcommittee and Congress to act swiftly to reauthorize CISA 2015.”

The testimony outlines the reasons timely reauthorization is essential:

• The U.S. Government and the private sector face daily cyber threats that require cross-sector information sharing to capably combat.
• Legal protections under CISA 2015 are necessary to facilitate information sharing by and among private companies.
• CISA 2015 provides legal and liability protection for entities that share cyber threat indicators pursuant to the Act. Prior to CISA 2015, existing laws did not clearly shield private entities from regulatory enforcement actions, civil actions, or antitrust enforcement actions when sharing cyber threat information. Such protections encourage voluntary information sharing, which has become necessary for defending against cyber threats.
• Public-private information sharing has been beneficial to the financial services industry’s cybersecurity programs.
• A lapse in the legal framework provided in the Act could discourage essential information sharing.

The full testimony can be found here.

-30-

SIFMA is the leading trade association for broker-dealers, investment banks and asset managers operating in the U.S. and global capital markets. On behalf of our industry’s nearly 1 million employees, we advocate for legislation, regulation and business policy, affecting retail and institutional investors, equity and fixed income markets and related products and services. We serve as an industry coordinating body to promote fair and orderly markets, informed regulatory compliance, and efficient market operations and resiliency. We also provide a forum for industry policy and professional development. SIFMA, with offices in New York and Washington, D.C., is the U.S. regional member of the Global Financial Markets Association (GFMA). For more information, visit http://www.sifma.org.