{ "id": "R43996", "type": "CRS Report", "typeId": "REPORTS", "number": "R43996", "active": true, "source": "EveryCRSReport.com, University of North Texas Libraries Government Documents Department", "versions": [ { "source": "EveryCRSReport.com", "id": 442328, "date": "2015-06-18", "retrieved": "2016-04-06T18:55:02.525045", "title": "Cybersecurity and Information Sharing: Comparison of H.R. 1560 and H.R. 1731 as Passed by the House", "summary": "Effective sharing of information in cybersecurity is generally considered an important tool for protecting information systems and their contents from unauthorized access by cybercriminals and other adversaries. Five bills on such sharing have been introduced in the 114th Congress\u2014H.R. 234, H.R. 1560, H.R. 1731, S. 456, and S. 754. The White House has also submitted a legislative proposal and issued an executive order on the topic. \nIn the House, H.R. 1560, the Protecting Cyber Networks Act (PCNA), was reported out of the Intelligence Committee. H.R. 1731, the National Cybersecurity Protection Advancement Act of 2015 (NCPAA), was reported by the Homeland Security Committee. Both bills passed the House, amended, the week of April 20, and were combined, with the PCNA becoming Title I and the NCPAA Title II of H.R. 1560. \nThe PCNA and the NCPAA have many similarities but also significant differences. Both focus on information sharing among private entities and between them and the federal government. They address the structure of the information-sharing process, issues associated with privacy and civil liberties, and liability risks for private-sector sharing, and both address some other topics in common. \nThe NCPAA would amend portions of the Homeland Security Act of 2002, and the PCNA would amend parts of the National Security Act of 1947. They differ in how they define some terms in common such as cyber threat indicator, the roles they provide for federal agencies (especially, the Department of Homeland Security and the intelligence community), processes for nonfederal entities to share information with the federal government, processes for protecting privacy and civil liberties, uses permitted for shared information, and reporting requirements. \nS. 754 has been reported by the Senate Intelligence Committee. Presumably, if the Senate passes a bill on information sharing, any inconsistencies between the PCNA and the NCPAA could be reconciled during the process for resolving differences between the House and Senate bills. \nAll of the bills would address commonly raised concerns about barriers to sharing information about threats, attacks, vulnerabilities, and other aspects of cybersecurity\u2014both within and across sectors. Such barriers are considered by many to hinder protection of information systems, especially those associated with critical infrastructure. Private-sector entities often claim that they are reluctant to share such information among themselves because of concerns about legal liability, antitrust violations, and protection of intellectual property and other proprietary business information. Institutional and cultural factors have also been cited\u2014traditional approaches to security tend to emphasize secrecy and confidentiality, which would necessarily impede sharing of information. \nAll the bills have provisions aimed at facilitating information sharing among private-sector entities and providing protections from liability that might arise from such sharing. While reduction or removal of such barriers may provide benefits, concerns have also been raised about potential adverse impacts, especially on privacy and civil liberties, and potential misuse of shared information. The legislative proposals all address many of the concerns. In general, the proposals limit the use of shared information to purposes of cybersecurity and law enforcement, and they limit government use, especially for regulatory purposes. All include provisions to shield information shared with the federal government from public disclosure and to protect privacy and civil liberties with respect to shared information that is not needed for cybersecurity purposes. All the proposals require reports to Congress on impacts of their provisions. \nMost observers appear to believe that legislation on information sharing is either necessary or at least potentially beneficial\u2014provided that appropriate protections are included\u2014but two additional factors in particular may be worthy of consideration as the various legislative proposals are debated. First, resistance to sharing of information among private-sector entities might not be substantially reduced by the actions contemplated in the legislation. Second, information sharing is only one of many facets of cybersecurity that organizations need to address to secure their systems and information.", "type": "CRS Report", "typeId": "REPORTS", "active": true, "formats": [ { "format": "HTML", "encoding": "utf-8", "url": "http://www.crs.gov/Reports/R43996", "sha1": "5c58e82b2d8f3c3224aab29961cf9fe18f4a5089", "filename": "files/20150618_R43996_5c58e82b2d8f3c3224aab29961cf9fe18f4a5089.html", "images": null }, { "format": "PDF", "encoding": null, "url": "http://www.crs.gov/Reports/pdf/R43996", "sha1": "4e6d876d9a348c642749f4cde7a46a0912030846", "filename": "files/20150618_R43996_4e6d876d9a348c642749f4cde7a46a0912030846.pdf", "images": null } ], "topics": [] }, { "source": "University of North Texas Libraries Government Documents Department", "sourceLink": "https://digital.library.unt.edu/ark:/67531/metadc700817/", "id": "R43996_2015Jun04", "date": "2015-06-04", "retrieved": "2015-08-27T16:20:31", "title": "Cybersecurity and Information Sharing: Comparison of H.R. 1560 and H.R. 1731 as Passed by the House", "summary": "This report compares provisions in two bills in the House of Representatives that address information sharing and related activities in cybersecurity. This report consists of an overview of those and other legislative proposals on information sharing, along with selected associated issues, followed by a side-by-side analysis of the two House bills as passed.", "type": "CRS Report", "typeId": "REPORT", "active": false, "formats": [ { "format": "PDF", "filename": "files/20150604_R43996_20446d8f3fcd0bdb92a4925890f5e1915e2b8071.pdf" }, { "format": "HTML", "filename": "files/20150604_R43996_20446d8f3fcd0bdb92a4925890f5e1915e2b8071.html" } ], "topics": [ { "source": "LIV", "id": "Congress", "name": "Congress" }, { "source": "LIV", "id": "House of Representatives", "name": "House of Representatives" }, { "source": "LIV", "id": "Technology", "name": "Technology" }, { "source": "LIV", "id": "Computer security measures", "name": "Computer security measures" } ] }, { "source": "University of North Texas Libraries Government Documents Department", "sourceLink": "https://digital.library.unt.edu/ark:/67531/metadc627150/", "id": "R43996_2015Apr29", "date": "2015-04-29", "retrieved": "2015-06-15T14:46:40", "title": "Cybersecurity and Information Sharing: Comparison of H.R. 1560 and H.R. 1731 as Passed by the House", "summary": "This report compares provisions in two bills in the House of Representatives that address information sharing and related activities in cybersecurity.", "type": "CRS Report", "typeId": "REPORT", "active": false, "formats": [ { "format": "PDF", "filename": "files/20150429_R43996_87df012ed2873f50fed806b1e033b279eaea352d.pdf" }, { "format": "HTML", "filename": "files/20150429_R43996_87df012ed2873f50fed806b1e033b279eaea352d.html" } ], "topics": [ { "source": "LIV", "id": "Congress", "name": "Congress" }, { "source": "LIV", "id": "House of Representatives", "name": "House of Representatives" }, { "source": "LIV", "id": "Technology", "name": "Technology" }, { "source": "LIV", "id": "Computer security measures", "name": "Computer security measures" } ] }, { "source": "University of North Texas Libraries Government Documents Department", "sourceLink": "https://digital.library.unt.edu/ark:/67531/metadc505493/", "id": "R43996_2015Apr20", "date": "2015-04-20", "retrieved": "2015-05-29T05:37:21", "title": "Cybersecurity and Information Sharing: Comparison of H.R. 1560 and H.R. 1731", "summary": "This report compares provisions in two bills in the House of Representatives that address information sharing and related activities in cybersecurity.", "type": "CRS Report", "typeId": "REPORT", "active": false, "formats": [ { "format": "PDF", "filename": "files/20150420_R43996_323cd0a080d3f4eb76ad0a0f44d9b475f285864e.pdf" }, { "format": "HTML", "filename": "files/20150420_R43996_323cd0a080d3f4eb76ad0a0f44d9b475f285864e.html" } ], "topics": [ { "source": "LIV", "id": "Technology", "name": "Technology" }, { "source": "LIV", "id": "Communications", "name": "Communications" }, { "source": "LIV", "id": "Computer crimes", "name": "Computer crimes" }, { "source": "LIV", "id": "Computer security measures", "name": "Computer security measures" } ] } ], "topics": [ "Intelligence and National Security", "National Defense" ] }