Primarily the barrier from government to company was that much of the valuable info was classified. The Obama executive order on cybersecurity created a mechanism to bypass this barrier that is similar to what was in CISPA.
So why pass CISPA now? To remove the barrier in the other direction, from company to government. Right now there are interpretations of certain federal laws that say that companies cannot share threat data with the government. In addition, public companies fear shareholder lawsuits if they were to disclose publicly that they have been hacked.
In an ideal world you would have a virtuous cycle, where one company stops a threat, sends the critical threat info the government, which shares it with every other company--all basically in real time. That would prevent, or at least reduce, the issue now where one exploit works again and again and again at different companies.
Whether it is possible to do this while adequately protecting privacy is the issue. I'm not a lawyer but it seems to me like it should be doable if the language in the bill is done right.
