December 4 – Over the past year, both chambers of Congress have worked on and passed information legislation to encourage the sharing of cyber threat information between the public and private sectors. Before anything reaches the president's desk, however, the House and Senate will have to put together a conference committee to iron out the differences in their respective bills. In this case the committee will have to integrate the three bills in a manner that protects the core focus of each, ensures bipartisan support, and minimizes the potential of a presidential veto.
The House and Senate worked on the issue in very different ways. The House broke it down into two separate bills. On April 22, it passed H.R. 1560, the Protecting Cyber Networks Act (PCNA), and on April 23, it passed H.R. 1731, the National Cybersecurity Protection Advancement Act (NCPAA). PCNA establishes the intelligence community as the central hub for information sharing between public and private entities, giving the Director of National Intelligence the authority to establish procedures for the sharing of information. NCPAA, on the other hand, gives that authority to the Department of Homeland Security, and specifically to the National Security and Communications Integration Center. Both bills passed with bipartisan support.
On October 27, also with a bipartisan vote, the Senate passed S. 754, the Cybersecurity Information Sharing Act (CISA). CISA encourages the voluntary sharing of information and gives authority to regulate and monitor the sharing procedures to the Department of Homeland Security. The bill would also give legal immunity to private entities that share information with the government.
The Congressional Research Center has issued a side-by-side comparison of the three bills. The final bill is expected to favor the Senate's language, and from our discussions with committee staff, it appears they have already worked out many differences between the two chambers. Nonetheless, House and Senate leadership will determine final language and whether or not the bill sees the floor.
Jen Ortega serves as a consultant to EDUCAUSE on federal policy and government relations. She has worked with EDUCAUSE since 2013 and assists with monitoring legislative and regulatory proposals across a range of policy areas, including cybersecurity, data privacy, e-learning, and accessibility.