According to Section 104(c)(1) and subject to certain restrictions a private entity is authorized to share with or receive from the federal government, state and local governments, and other companies “cyber threat indicators” and “defensive measures” for a cybersecurity purpose. Personally identifiable information (PII) must be obfuscated or deleted before sharing. And the sharing entity must use the DHS CISA process to obtain protection.