In addition, there are commercial threat intelligence information services.
"All the big players, because they want to see what everyone else has, anonymously exchange malware samples," said Kalember. "And its very very useful information. The private sector has been doing things like this for a very long time."
And companies without the ability to set up information sharing infrastructure on their own are increasingly turning to security vendors who do it for them.
One recent vendor in this space is TruSTAR Technology, which allows enterprises to instantly share threat data with one another in an anonymized way.
"It allows companies to work together and share actionable information without it being known that it comes from you," said CEO Paul Kurtz, who is a former White House cybersecurity adviser.
And member organizations don't just share out of the goodness of their hearts, since they get immediate feedback about other similar reports and benefit from what others have already learned. The platforms even enable security analysts from different companies to work together to counter attacks, both anonymously, and in trusted groups.
The incident database is stripped of all identifying information, Kurtz said, either personally identifiable information about the individuals, or information about the organization that is sharing the information.
"Even if Uncle Sam comes to me sand says, 'Where did you get that data?' I can't tell them," Kurtz said. "It's not that I won't tell them -- I can't tell them."
But despite the fact that his company offers a product specifically designed to address the same kind of problems as CISA, Kurtz supports the legislation.
"I really do think we need Congress to enable enterprises to connect with each other and work with each other in defeating the bad guys," he said. "Right now, they have one hand tied behind their back."
Sign up for Computerworld eNewsletters.