HackerOne: Federal Shutdown and Expiration of Key Laws Weaken America’s Cybersecurity Defenses
WASHINGTON, DC – October 2, 2025 - Ilona Cohen, Chief Legal and Policy Officer at HackerOne, and former general counsel at the Office of Management and Budget, voiced concern about the cybersecurity impact of the federal government’s shutdown as the expiration of key cybersecurity laws creates additional gaps in our national defenses.
“The government shutdown has significantly reduced cybersecurity staffing at federal agencies, weakening not only the defenses of federal systems, but also the resources available to help the private sector identify vulnerabilities and respond to attacks,” said Cohen. “The impact of the shutdown on the private sector and state and local governments will be magnified by the expiration of CISA 2015, which guides information sharing about cyber threats within the private sector and between the private sector and government, and the State and Local Cybersecurity Grant Program, which provided essential funding to protect critical infrastructure across the country.
The Cybersecurity and Infrastructure Security Agency (CISA), which leads our national cyber defenses, has furloughed two-thirds of its personnel from levels that were already significantly reduced by the Administration earlier this year. Similar furloughs of cyber personnel have taken place across other agencies. The absence of security personnel working to protect the nation from these threats creates a security gap and an opportunity for malicious actors to exploit weaknesses.
This year’s shutdown also coincided with the expiration of the Cybersecurity Information Sharing Act of 2015 (CISA 2015) on September 30. The expiration of this law will severely impede companies’ willingness to share information as they assess the risk of doing so without the protections provided by the law. The State and Local Cybersecurity Grant Program provided $1 billion in funding over four years to help state and local governments strengthen their cyber defenses.”
About HackerOne
HackerOne is a global leader in offensive security. Our HackerOne Platform combines AI with the ingenuity of the world’s largest community of security researchers to find and fix security, privacy, and AI vulnerabilities across the software development lifecycle. The platform offers bug bounty, vulnerability disclosure, pentesting, AI red teaming, and code security. We are trusted by industry leaders like Anthropic, Crypto.com, General Motors, GitHub, Goldman Sachs, Uber, and the U.S. Department of Defense. HackerOne was named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024.