I'm... Not sure of this. Honestly, I don't like it much but it seems to be different from SOPA/PIPA/ACTA/OPEN and any other that I missed, at least in some ways. For example, it doesn't directly relate to copyright infringement. It does make sense that if companies and governments share data they collect from attackers, that they can solve the problem(s) faster and more thoroughly.
However, this CISPA seems to be very vague, so it might be able to be used for purposes other than what was described by the supporters.
If it does not impose new obligations on sharing the data, then that seems to be optional. In theory, the government or other companies could simply put pressure on someone who refuses to share until they have no choice, so although there is supposed to be a choice in the matter, that might not be the case in reality. It also doesn't specifically state that it involves monitoring for copyright infringement or really monitoring for anything more than what they already do.
All it seems to do is allow companies to share information that involves cyber attacks on them that might have otherwise been protected by privacy laws and such. To be honest, that does seem reasonable, at least to a point. However, even if this were to pass into law and be used in the manner described by Facebook, the next question to ask is whether or not it will make a difference. Most attacks on companies, agencies and other organizations don't seem to use the exact same method for getting in every time. Just by using a different operating system or even just different software, the same attacks shouldn't work on all of the companies, so this would probably help companies using the same types of computer systems, operating systems, and software the most.
Basically, if I use a lesser-known type of system, then the same attacks that would hurt other groups probably wouldn't hurt me, depending on the type of attack. So, if I use a system that is incompatible with most of the others (i.e., using operating systems and software that aren't common, such as using Haiku or a distribution of Linux with a small user base compared to the others), then most attacks won't be able to do much damage to me. Of course there could still be stuff like DDoS and all of that, but if you're smart, then that really isn't such a big deal. Having highly redundant and fairly powerful systems can keep the risk associated with that to a minimum.
However, if DDoS is the main problem, then sharing data and all that doesn't seem like it would make much difference. Seriously, the best that I would expect something like sharing data from DDoS attacks to do is figuring out who did it, not how they did it. Even then, how could it not already be legal to share DDoS attack info such as who did it and all of that? None of that should be protected by any law. It's not privacy infringement to tell another company the IPs that did the DDoS and the other info like that, is it?
Also, not being an asshole company helps incredibly, but that isn't common enough, especially among the large companies.
Of course, this whole comment thus far has been assuming that the companies and government aren't completely lying to us about what they intend to do with this law. Seeing as how it doesn't seem to make a whole lot of sense when it is looked at as if they are being legitimate about it, they probably aren't being truthful. Of course, I'm not an expert and could have missed something or just be wrong, but this is how it looks to me based on what I have to go on. I won't support this and I think it's already time to try to communicate with a local congressman, not that I'm sure of that doing any good.