After many months of debate, President Obama finally signed the Cyber-Security Information Sharing Act into law in December, doing so with the legislation buried within a massive “omnibus” spending bill. The big question businesses are now asking: In practical terms, is this good news or yet another cyber-security triggered headache?
In brief (and for an in-depth look at the legislation see Jaclyn Jaeger’s reporting here), the legislation creates a voluntary, real-time, data-sharing pipeline for cyber-risks between companies and the government. To facilitate and encourage voluntary information exchanges, the new protocol offers safe harbors intended to assuage fears of violating antitrust laws, regulatory enforcement actions, or legal liabilities.
