The House of Representatives on Wednesday passed the first of two cyber threat information sharing bills being considered this week, the Protecting Cyber Networks Act (H.R. 1560).
The bill passed 307-116 after adopting five amendments, all but one by voice vote.
H.R. 1560, originating in the House Permanent Select Committee on Intelligence, was sponsored by Chairman Devin Nunes (R-Calif.), Rep. Lynn Westmoreland (R-Ga.), and Rep. Jim Himes (D-Conn.) (Defense Daily, March 26).
The bill provides limited liability protections to the private sector, similar to other bills introduced in the 114th Congress. The legislation also prohibits the government from forcing private entities to provide information to the government while requiring the companies that do share cyber threat indicators with the government to remove personal information.
Before the bill was passed, an amendment from Rep. Andre Carson (D-Ind.) was approved, requiring the Inspector General to report on sharing and removal procedures of personal information and any improper treatment of the information.
“For all the benefits of this bill, the American people still rightfully so expect oversight that is consistent and comprehensive,” Carson said.
“It will ensure Congress and the public that sharing is happening properly and the public is being protected.”
The sole recorded amendment was put forward by Rep. Mick Mulvaney (R-S.C.), sunsetting all provisions in the bill after seven years. It passed 313-110 despite concerns expressed by the Financial Services Roundtable (FSR), a financial lobbying group, about sunset provisions in the bill
“The uncertainty caused by the need to reauthorize this legislation will disincentivize businesses from engaging in this critical process, leaving more American consumers at risk for cyberattacks,” FSR President & CEO and former governor of Minnesota Tim Pawlenty (R), said in a statement.
The White House on Tuesday issued a statement of administration policy supporting the legislation, albeit with some concern. The White House still hopes to resolve concern that the liability protections provided in the bill are too broad.
The administration is also concerned about provisions in the bill permitting “potentially disruptive defensive measures in response to network incidents.” This provision was not in the administration’s original cyber proposal.
The House on Thursday will consider one more cyber information sharing bill, the National Cybersecurity Protection Advancement Act, offered by Rep. Michael McCaul (R- Texas).