{ "id": "R44069", "type": "CRS Report", "typeId": "REPORTS", "number": "R44069", "active": true, "source": "EveryCRSReport.com, University of North Texas Libraries Government Documents Department", "versions": [ { "source": "EveryCRSReport.com", "id": 447057, "date": "2015-11-06", "retrieved": "2016-04-06T17:59:33.818207", "title": "Cybersecurity and Information Sharing: Comparison of H.R. 1560 (PCNA and NCPAA) and S. 754 (CISA)", "summary": "Effective sharing of information in cybersecurity is generally considered an important tool for protecting information systems from unauthorized access. Five bills on such sharing have been introduced in the 114th Congress\u2014H.R. 234, H.R. 1560, H.R. 1731, S. 456, and S. 754, and relevant provisions have appeared in other bills. The White House has also submitted a legislative proposal and issued an executive order on the topic. \nH.R. 1560, the Protecting Cyber Networks Act (PCNA), and H.R. 1731, the National Cybersecurity Protection Advancement Act of 2015 (NCPAA), passed the House the week of April 20. The bills were then combined as separate titles in H.R. 1560. \nIn the Senate, S. 754, the Cybersecurity Information Sharing Act of 2015 (CISA), was reported in March and was proposed to be considered as an amendment to H.R. 1735, the National Defense Authorization Act (NDAA). More than 70 amendments to CISA were submitted, a managers amendment was circulated, and a cloture motion was filed on August 3. On August 5, a unanimous consent agreement was reached permitting consideration, and the Senate began debate on a manager\u2019s amendment on October 20. The substitute included several of the filed amendments. Several additional amendments were considered, but most did not succeed. The Senate passed CISA, as amended, on October 27. Presumably, any inconsistencies between CISA and the two titles of H.R. 1560 could be reconciled during the process for resolving differences between the House and Senate bills.\nPCNA, NCPAA, and CISA have many similarities but also significant differences. All focus on information sharing among private entities and between them and the federal government. NCPAA would explicitly amend portions of the Homeland Security Act of 2002, and PCNA would amend parts of the National Security Act of 1947. CISA addresses the roles of the Department of Homeland Security and the intelligence community but does not explicitly amend either act. NCPAA and CISA also contain provisions relating to cybersecurity of federal agencies and their information systems and of critical infrastructure sectors. CISA also has provisions on international cybersecurity policy and cybercrime. The bills differ in how they define some terms in common, the roles they provide for federal agencies, processes for nonfederal entities to share information with the federal government, processes for protecting privacy and civil liberties, uses permitted for shared information, and reporting requirements. \nAll the bills would address concerns about barriers to sharing information about cybersecurity within and across sectors. Such barriers are considered by many to hinder protection of information systems. Private-sector entities often express reluctance to share such information because of concerns about legal liability, antitrust violations, regulatory requirements, and protection of intellectual property and other proprietary business information. Institutional and cultural factors have also been cited\u2014traditional approaches to security tend to emphasize secrecy and confidentiality, which would necessarily impede sharing of information. \nAll the bills have provisions aimed at facilitating information sharing among private-sector entities and providing protections from liability. While reduction or removal of such barriers may provide benefits, concerns have been raised about potential adverse impacts, especially on privacy and civil liberties, and potential misuse of shared information. The bills address many of those concerns. In general, they limit the use of shared information to purposes of cybersecurity and law enforcement, and they limit government use, especially for regulatory purposes. All include provisions to shield information shared with the federal government from public disclosure and to protect privacy and civil liberties with respect to shared information that is not needed for cybersecurity purposes. All require reports to Congress on impacts of their provisions. \nMost observers appear to believe that legislation on information sharing is either necessary or at least potentially beneficial\u2014provided that appropriate protections are included\u2014but additional factors may be worthy of consideration as the legislative proposals are debated. In particular, resistance to information sharing among private-sector entities might not be substantially reduced by the actions contemplated in the legislation; and information sharing is only one of many facets of cybersecurity that organizations need to address to secure their information systems.", "type": "CRS Report", "typeId": "REPORTS", "active": true, "formats": [ { "format": "HTML", "encoding": "utf-8", "url": "http://www.crs.gov/Reports/R44069", "sha1": "7b836458a0725a39107008542bf8951b0b01b3a7", "filename": "files/20151106_R44069_7b836458a0725a39107008542bf8951b0b01b3a7.html", "images": null }, { "format": "PDF", "encoding": null, "url": "http://www.crs.gov/Reports/pdf/R44069", "sha1": "34b89eb88efa150424de696827458690823586e9", "filename": "files/20151106_R44069_34b89eb88efa150424de696827458690823586e9.pdf", "images": null } ], "topics": [ { "source": "IBCList", "id": 4300, "name": "Cybersecurity" } ] }, { "source": "University of North Texas Libraries Government Documents Department", "sourceLink": "https://digital.library.unt.edu/ark:/67531/metadc805821/", "id": "R44069_2015Aug05", "date": "2015-08-05", "retrieved": "2016-03-19T13:57:26", "title": "Cybersecurity and Information Sharing: Comparison of House and Senate Bills in the 114th Congress", "summary": null, "type": "CRS Report", "typeId": "REPORT", "active": false, "formats": [ { "format": "PDF", "filename": "files/20150805_R44069_177c80322e5dde07334ca0d1dea4bd133149a168.pdf" }, { "format": "HTML", "filename": "files/20150805_R44069_177c80322e5dde07334ca0d1dea4bd133149a168.html" } ], "topics": [] }, { "source": "University of North Texas Libraries Government Documents Department", "sourceLink": "https://digital.library.unt.edu/ark:/67531/metadc700704/", "id": "R44069_2015Jun18", "date": "2015-06-18", "retrieved": "2015-08-27T16:20:31", "title": "Cybersecurity and Information Sharing: Comparison of Legislative Proposals in the 114th Congress", "summary": "This report compares two House bills and one Senate bill that address information sharing and related activities in cybersecurity. The report consists of an overview of those and other legislative proposals on information sharing, along with selected associated issues, followed by a side-by-side analysis of the National Cybersecurity Protection Advancement Act of 2015 (NCPAA), the Protecting Cyber Networks Act (PCNA), and the Cybersecurity Information Sharing Act of 2015 (CISA).", "type": "CRS Report", "typeId": "REPORT", "active": false, "formats": [ { "format": "PDF", "filename": "files/20150618_R44069_0c1c4e536d4478ee11a6d4912a03756fa58e3e49.pdf" }, { "format": "HTML", "filename": "files/20150618_R44069_0c1c4e536d4478ee11a6d4912a03756fa58e3e49.html" } ], "topics": [ { "source": "LIV", "id": "Congress", "name": "Congress" }, { "source": "LIV", "id": "Technology", "name": "Technology" }, { "source": "LIV", "id": "Computer security measures", "name": "Computer security measures" } ] }, { "source": "University of North Texas Libraries Government Documents Department", "sourceLink": "https://digital.library.unt.edu/ark:/67531/metadc689208/", "id": "R44069_2015Jun12", "date": "2015-06-12", "retrieved": "2015-08-03T15:06:47", "title": "Cybersecurity and Information Sharing: Comparison of Legislative Proposals in the 114th Congress", "summary": "This report compares two House bills and one Senate bill that address information sharing and related activities in cybersecurity. It also discusses some of the issues that those and other bills address.", "type": "CRS Report", "typeId": "REPORT", "active": false, "formats": [ { "format": "PDF", "filename": "files/20150612_R44069_093edfe135dad4642929c5f0eab16061dfa7ae1a.pdf" }, { "format": "HTML", "filename": "files/20150612_R44069_093edfe135dad4642929c5f0eab16061dfa7ae1a.html" } ], "topics": [ { "source": "LIV", "id": "Congress", "name": "Congress" }, { "source": "LIV", "id": "House of Representatives", "name": "House of Representatives" }, { "source": "LIV", "id": "Technology", "name": "Technology" }, { "source": "LIV", "id": "Computer security measures", "name": "Computer security measures" } ] } ], "topics": [ "Foreign Affairs", "Intelligence and National Security", "National Defense" ] }