The House on Wednesday passed major legislation intended to improve the nation's defenses against cyberattacks, Congress's first significant step toward attempting to limit the kind of debilitating hacks that brought Sony Pictures to its knees five months ago.
The bill, which passed 307-116, would provide companies with expanded legal liability protections if they choose to voluntarily share certain kinds of digital data through a government "cyber portal."
"At some point, we need to stop just hearing about cyber attacks that steal our most valuable trade secrets and our most private information, and actually do something to stop them," Rep. Adam Schiff, the top Democrat of the House Intelligence Committee, said on the House floor.
The measure is supported by a wide array of business and financial interests, including the U.S. Chamber of Commerce. But privacy advocates continue to insist that the info-sharing regime is too broad and could strengthen the National Security Agency's spying capabilities.
To combat those fears, the bill's authors included numerous sections that explicitly state the law prohibits the use of any data collected for government surveillance. Despite those assurances, however, privacy advocates contend the pooled data, which must be shared with other government agencies, including the NSA, could still be used a variety of law-enforcement purposes not related to cybersecurity.
Since the Sony breach, which U.S. officials publicly blamed on North Korea, President Obama has declared cyberattacks a "national emergency" and signed an executive order that makes it easier for the government to impose sanctions against foreign hackers. The administration also announced in February it would form a new agency—the Cyber Threat Intelligence Integration Center—to help "connect the dots" among potential cyberthreats facing the U.S.
The House will also vote and likely pass a similar info-sharing measure from the Homeland Security Committee on Thursday, and lawmakers will seek to reconcile the measures going forward. In addition to several technical differences that exist between the two bills, the Homeland bill designates the Department of Homeland Security as the central government "cyber hub."
The intelligence panel bill is largely agnostic about which agency can operate as a hub, though it prevents either the NSA or Department of Defense from filling that role.
The White House this week issued statements supporting both measures, but indicated deep reservations with several aspects of the language. The administration objected to "sweeping liability protections" it suggested could be overly broad, but expressed a desire to advance the legislation in order to improve upon it down the road.
The Senate Intelligence Committee passed a similar info-sharing proposal earlier this year on a 14-1 vote. Sen. Ron Wyden, an Oregon Democrat, cast the lone no vote, arguing the measure was a "surveillance bill by another name." That bill could be taken up as soon as next week.
(Image via Brandon Bourdages/ Shutterstock.com)