The Cybersecurity Information Sharing Act, passed in 2015, was intended to boost private-sector participation, especially among the Fortune 5,000, in DHS’s cyber-intelligence program. To date, however, only six non-federal entities are sharing data while 190 non-federal entities are receiving data through DHS’s automated indicator sharing program. A critic of the bill has urged that government mandates, rather than voluntary partnerships, is more practicable and respectful of personal privacy, stating that “the immunity this misguided law gave to America’s most powerful corporations appears to be far less useful for cybersecurity than its congressional proponents claimed…instead of weakening privacy protections for Americans’ personal information, it would have been more productive for Congress to mandate strong encryption and other common sense cybersecurity best practices.” In its current form, the bill does not provide incentives for companies to share information. It is uncertain what might be done and whether anything will be done to change the incentive structure of the program.
Source: Only 6 Non-Federal Groups Share Cyber Threat Info with Homeland Security – Nextgov