Federal Relations

April 24, 2015

House Passes Two Cyber Security Bills

It was cybersecurity week for the House as it considered and passed two measures dealing with cybersecurity and information sharing to better address cyber threats. Lawmakers, government officials and most industry groups have strongly backed this idea of needing to share information safely, and all made cyber info-sharing a top 2015 legislative priority. The House today wrapped up the work week today as it finished considering the second of two cybersecurity bills. The legislation is the first two of three measures Congress must pass to finally get a cyber info-sharing law in place.

On Wednesday, the House passed the first major cybersecurity bill since the calamitous hacks on Sony Entertainment, Home Depot and JPMorgan Chase. Passed by a vote of 307-116, HR 1560 – the Protecting Cyber Networks Act (PCNA), was backed by House Intelligence Committee leaders and would give companies liability protections when sharing cyber threat data with government civilian agencies, such as the Treasury or Commerce Departments. The goal of the measure is to increase the public-private flow of information about hacking attempts. Advocates of the legislation say such an exchange is the biggest first step the country can take to thwart hackers.  Privacy advocates and other opponents argue the bill will simply shuttle more sensitive information to the National Security Agency (NSA), further empowering its surveillance authority.

On Thursday, the House considered and passed HR 1731 — National Cybersecurity Protection Advancement Act by a 355-63. The intent of the law is to enhance the flow of information about hackers’ tactics between the government and private sector. Advocates say both sides need more data on the threats they face so they can bolster the nation’s faltering network defenses. Again, opposition to the legislation cautioned that this would just further empower the NSA. Shifting these abilities and empowering the Department of Homeland Security, however, has been more politically palatable. The DHS is seen as the agency most technically capable of stripping personal information from any data received before it is shared with the rest of the federal government. A cyber info-sharing hub at the department — with its established privacy oversight measures —  is also considered the ideal locale under which to consolidate domestic cyber efforts.

Both measures have the tepid approval of the White House.

The Senate had been hoping to bring its companion bill, known as the Cybersecurity Information Sharing Act, to the floor sometime in April. Timing for consideration of a cyber bill in the upper chamber remains fluid.