ISA Policy Positions Cybersecurity Act of 2015
Information Sharing Information Sharing
Information sharing should be voluntary, business-to-business and business-to-government


Section 104 (c): “A non-Federal entity may, for a cybersecurity purpose and consistent with the protection of classified information, share with, or receive from, any other non-Federal entity or the Federal Government a cyber threat indicator or defensive measure.”
Safe Harbors/Liability Protections for sharing information Section 106(b): “No cause of action shall lie or be maintained in any court against any private entity, and such action shall be promptly dismissed, for the sharing or receipt of a cyber threat indicator or defensive measure under section 104 (c).”
FOIA Exemption Section 105(d)(3): “A cyber threat indicator or defensive measure shared with the Federal Government under this title shall be (A) deemed voluntarily shared information and exempt from disclosure under section 552 of title 5, United States Code, and any State, tribal, or local provision of law requiring disclosure of information or records; and (B) withheld, without discretion, from the public.
Protection from Regulatory Use Section 105(d)(i): “Cyber threat indicators and defensive measures provided to the Federal Government under this title shall not be used by any Federal, State, tribal, or local government to regulate, including an enforcement action, the lawful activities of any non-Federal entity or any activities taken by a non-Federal entity pursuant to mandatory standards, including activities related to monitoring, operating defensive measures, or sharing cyber threat indicators.”
Anti-Trust Exemption Section 2(e): “It shall not be considered a violation of any provision of antitrust laws for 2 or more private entities to exchange or provide a cyber threat indicator or defensive measures, or assistance relating to the prevention, investigation, or mitigation of a cybersecurity threat, for cybersecurity purposes under this title.”