ISA Policy PositionsCybersecurity Act of 2015
Information SharingInformation Sharing
Information sharing should be voluntary, business-to-business and business-to-government

 

Section 104 (c): “A non-Federal entity may, for a cybersecurity purpose and consistent with the protection of classified information, share with, or receive from, any other non-Federal entity or the Federal Government a cyber threat indicator or defensive measure.”
Safe Harbors/Liability Protections for sharing informationSection 106(b): “No cause of action shall lie or be maintained in any court against any private entity, and such action shall be promptly dismissed, for the sharing or receipt of a cyber threat indicator or defensive measure under section 104 (c).”
FOIA ExemptionSection 105(d)(3): “A cyber threat indicator or defensive measure shared with the Federal Government under this title shall be (A) deemed voluntarily shared information and exempt from disclosure under section 552 of title 5, United States Code, and any State, tribal, or local provision of law requiring disclosure of information or records; and (B) withheld, without discretion, from the public.
Protection from Regulatory UseSection 105(d)(i): “Cyber threat indicators and defensive measures provided to the Federal Government under this title shall not be used by any Federal, State, tribal, or local government to regulate, including an enforcement action, the lawful activities of any non-Federal entity or any activities taken by a non-Federal entity pursuant to mandatory standards, including activities related to monitoring, operating defensive measures, or sharing cyber threat indicators.”
Anti-Trust ExemptionSection 2(e): “It shall not be considered a violation of any provision of antitrust laws for 2 or more private entities to exchange or provide a cyber threat indicator or defensive measures, or assistance relating to the prevention, investigation, or mitigation of a cybersecurity threat, for cybersecurity purposes under this title.”