Parsing the cyber bills in the 114th Congress

What: A comparison of the various cybersecurity bills put forward in the current Congress by the Congressional Research Service.

Why: As high-profile breaches in the public and private sectors have mounted, Congress has taken up a number of bills that try to accomplish the same thing in different ways: to make the sharing of cyber-threat information between the private sector and the government easier.

CRS’s analysis covers two bills that have passed the House – the Protecting Cyber Networks Act (PCNA) and the National Cybersecurity Protection Advancement Act (NCPAA) – along with the Senate’s Cybersecurity Information Sharing Act (CISA). The two House bills have been folded into one, while the fate of the Senate bill hangs in the balance. North Carolina Republican Richard Burr, chairman of the Senate Intelligence Committee, tried to attach CISA as an amendment to the annual defense authorization bill, but Senate Democrats blocked the measure.

CISA and PCNA are generally more similar to each other than either is to NCPAA, according to the report. NCPAA focuses on the role of the Department of Homeland Security in information sharing, while PCNA focuses more on the intelligence community and the nascent cyber intelligence agency being stood up at the Office of the Director of National Intelligence.

The CRS analysis acknowledges that the bills address, in significant ways, privacy concerns to information sharing, which have been a sticking point for Sen. Ron Wyden (D-Ore.) and civil liberties groups.

Verbatim: “Resistance to sharing of information among private-sector entities might not be substantially reduced by the actions contemplated in the legislation; and information sharing is only one of many facets of cybersecurity that organizations need to address to secure their systems and information.”

Full report: Read the full report here.