In mid June the Congressional Research Service (CRS) released a report comparing three bills that address information sharing and related activities in cybersecurity. The bills, two from the House of Representatives and one from the Senate, are the Protecting Cyber Networks Act (PCNA, H.R. 1560 as passed by the House), the National Cybersecurity Protection Advancement Act of 2015 (NCPAA, H.R. 1731 as passed by the House), and the Cybersecurity Information Sharing Act of 2015 (CISA, S. 754).
According to the CRS report, all three bills focus on information sharing among private entities and between those entities and the federal government. The bills also address the structure of the information-sharing process, liability risks for private-sector sharing, and privacy concerns related to information sharing.
Private-sector entities are often reluctant to share information because of concerns about legal liability, antitrust violations, regulatory requirements, and protection of intellectual property and other proprietary business information. Institutional and cultural factors have also been cited as impeding information sharing, as secrecy is often equated to security. These bills aim to address these concerns and encourage private-sector entities to view information sharing as a crucial part of their organization’s security.
The bills limit the use of shared information to purposes of cybersecurity and law enforcement. The bills also limit other government use, and potential misuse, of shared information, and include provisions to shield information shared with the federal government from public disclosure.
For more information about the report, please follow the links below.
Parsing the cyber bills in the 114th Congress, FCW
Cybersecurity and Information Sharing: Comparison of Legislative Proposals in the 114th Congress, Congressional Research Service