John Pescatore, director of emerging security threats at the SANS Institute, said the CISA bill would be unlikely to spur any significant increase in information sharing.
"It does try to address liability and antitrust concerns, and demand that the government protect and not retain such data. But the reality is that there is still little to gain by private industry voluntarily forwarding more information to the federal government. There are existing forums, like the ISACs, where such sharing already takes place at the level which makes sense for businesses," Pescatore said.
Enabling better information sharing is a good idea in principle, said Chris Pierson, chief security officer at Viewpost. "Without bi-directional sharing, companies will face rising threats without any ability to know where they are coming or [how to] mitigate them."
"At the end of the day, companies will compete on products and services, but sharing known bad IP addresses or command & control servers is unlikely to upset competitiveness or IP," he said. " The 'how' has to be figured out, but certainly making it easier to share non-sensitive, non-personally identifiable information, and non-trade secret information could afford all companies greater security."
Sign up for Computerworld eNewsletters.