Key takeaways

• The Cybersecurity Information Sharing Act (“CISA”), signed into law over the holidays, encourages information sharing regarding “cyber threat indicators” and “defense mechanisms” between and among private entities and the federal government.
• CISA provides a safe harbor from liability for private entities when transmitting such information or when monitoring for cyber threats.
• Key provisions of CISA become operative 60 to 90 days from the bill’s enactment, giving companies a window to consider how their own policies and procedures may need to be adjusted in light of the new law.