DHS and DOJ Publish Joint Guidelines for Voluntary Sharing Cyber Threat Indicators and Defensive Measures with Federal Government

On June 15, 2016, the Department of Homeland Security jointly issued with the Department of Justice guidelines and procedures available here for the voluntary sharing and receiving of cyber threat indicators and defensive measures between and among non-federal and federal entities and among private entities for cybersecurity purposes. These guidelines and procedures, which are directed to be published pursuant to the Cybersecurity Information Sharing Act of 2015 (CISA), describe what types of information may be shared, the mechanisms for sharing it (including through the DHS-operated Automated Indicator Sharing platform), and how to safeguard privacy and civil liberties to qualify for the liability and other protections afforded by CISA, which include a limited antitrust exemption; exemption from state and federal disclosure laws; exemption from certain state and federal regulatory uses; no waiver of privilege; protection for commercial, financial and proprietary information; and an ex parte communications waiver.