The Cybersecurity Act of 2015: Congress Passes and President Signs Long-Anticipated Measure Setting Framework for Sharing Cyber Threat Information with Federal Government and Private Sector

Sullivan & Cromwell LLP - December 22, 2015
Download

On December 18, 2015, President Obama signed into law the Cybersecurity Act of 2015.  The Act, arguably the most significant piece of federal cyber-related legislation enacted to date, establishes a mechanism for cybersecurity information sharing among private sector and federal government entities.  It also provides safe harbors from liability for private entities that share cybersecurity information in accordance with certain procedures, and it authorizes various entities, including outside the federal government, to monitor certain information systems and operate defensive measures for cybersecurity purposes.  The Act also contains provisions designed to bolster cybersecurity protections at federal agencies, assess the federal government’s cybersecurity workforce, and implement a range of measures intended to improve the cybersecurity preparedness of critical information systems and networks.