On October 27, 2015, the Senate passed the Cyber Information Sharing Act (CISA), which will now go to conference with the House, which passed two similar bills earlier this year. All three bills function generally in the same way in that they permit companies to "monitor" their networks; permit sharing of "Cyber Threat Indicators" with the federal government; and permit private entities to deploy "defensive measures" to protect their systems. Finally, all three bills provide private entities immunity from most civil lawsuits related to monitoring information systems and reporting cyber threat indicators if such activities are done in accordance with the monitoring and sharing provisions of the respective bills, although all three bills do permit lawsuits to proceed against companies for "willful misconduct." CISA also permits lawsuits to proceed against companies for gross negligence, which does not require quite the showing of intentionality or recklessness that "willful misconduct" does. Though the aim of the bills is to facilitate sharing between private industry and the government, to accelerate responses -- and defenses -- to cyber threats, critics raise a host of concerns, including the broad definitions of information that may be shared, and the ability for the government to share information gathered with law enforcement for a number of broad purposes, including the threat of "economic harm." The conference process, and any future floor debates, may result in significant changes and amendments to any final bill, but given the overwhelming support for the measures in both houses of Congress, the eventual passage of some form of cyber sharing bill seems likely.