Cyber Threat Sharing Act of 2015

Cyber Threat Sharing Act of 2015

Amends the Homeland Security Act of 2002 to permit private entities to: (1) disclose lawfully obtained cyber threat indicators to a private information sharing and analysis organization and the national cybersecurity and communications integration center (NCCIC); and (2) receive indicators disclosed by private entities, the federal government, or state or local governments.

Permits any entity to disclose lawfully obtained indicators to a federal entity for investigative purposes consistent with the lawful authorities of the federal entity.

Restricts private entities' use, retention, or further disclosure of cyber threat indicators to purposes relating to information system protection, cyber threat identification or mitigation, or crime reporting.

Directs the Department of Homeland Security (DHS) to select through a competitive process a private entity to identify best practices for private information sharing and analysis organizations.

Provides liability protections to entities that voluntarily share lawfully obtained indicators with: (1) the NCCIC, or (2) a private information sharing and analysis organization if the organization self-certifies that it has adopted the best practices identified by the DHS-selected private entity.

Directs DHS to: (1) designate the NCCIC to receive and disclose threat indicators to federal and nonfederal entities in as close to real time as practicable, and (2) develop a program to support implementation of automated mechanisms for real time sharing.

Prohibits a federal entity from using a disclosed indicator as evidence in a regulatory enforcement action against the entity that disclosed the indicator, but allows a federal entity to use disclosed indicators for regulatory enforcement if the information is received by other lawful means.

Requires DHS to develop policies for federal entities to:

• anonymize and destroy information in a timely manner to limit the acquisition, interception, retention, use, and disclosure of indicators that are likely to identify specific persons;
• limit reception, use, and retention only to protect information systems or to investigate, prosecute, or otherwise respond to computer crimes, threats of death or serious bodily harm, serious threats to a minor, or attempts or conspiracies to commit such offenses;
• preserve confidentiality of proprietary information; and
• penalize federal employees who violate these policies.

Repeals threat indicator sharing procedures established by this Act five years after enactment of this Act.

Expresses the sense of Congress that the statement issued by the Department of Justice and the Federal Trade Commission on April 10, 2014, entitled "Antitrust Policy Statement On Sharing Of Cybersecurity Information" provides protections against antitrust concerns for the legitimate sharing of cyber threat indicators.