Suzanne Spaulding, the DHS undersecretary who leads the National Protection and Programs Directorate, recently announced that “liability protection shouldn’t be reserved just for sharing data with the government,” but rather extended to “companies sharing cyber threat data among themselves through Information Sharing and Analysis Organizations.”
President Obama’s cybersecurity proposal states that “the private sector can share among themselves through these appropriate organizations and enjoy the same liability protection,” and these organizations themselves will not be required to pass the data along to the government.