Today, the House of Representatives passed the Protecting Cyber Networks Act in a bipartisan 307-116 vote, taking an important step forward in Congress' ongoing efforts to promote cyber threat-sharing. The bill is meant to help network operators share information about possible threats more quickly and easily, making it easier to defend against any subsequent attacks. "Our bill will ensure that we have the tools to address these attacks by enabling voluntary information sharing of cyber threats between and among the private and public sectors," Rep. Adam Schiff (D-CA) said in a statement.
It's a crucial issue, particularly in the wake of ongoing criminal and state hacks like Home Depot, Target, and Sony Pictures, but many have criticized the new crop of info-sharing bills as opening the door to private sector surveillance. Ron Wyden criticized CISA, an earlier info-sharing bill, as "a surveillance bill by another name." Others have raised questions about how government agencies will use the threat information after it's been reported. "Any company has to think at least twice about sharing how they are vulnerable with a government that hoards security vulnerabilities and exploits them to conduct massive surveillance," Stanford Law Professor Jennifer Granick wrote in a recent editorial.
"Congress must act to improve our cybersecurity."
For both advocates and critics, the biggest issue has been liability. Network operators want to ensure they can't be prosecuted for sharing threat data that might be seen as private or proprietary. At the same time, privacy advocates want to ensure that liability isn't taken as a blank check to spy on users. The new bill contains a number of scrubs of personal information, but it's still unclear if the measures will be enough to mollify critics.
Still, the fact that the bill could pass such a divided House suggests strong support within Washington for the measures, and a number of members of Congress have already come forward with vocal support for the measure. "The repeated cyberattacks against companies like Anthem, Target, and Home Depot and the national security threat posed by criminals and hostile nation-states have made it clear that Congress must act to improve our cybersecurity," said Rep. Jim Himes (D-CT).