Today, the House will vote on the Protecting Cyber Networks Act (PCNA) and various amendments to it. With the ongoing threat of cyber attacks from persistent adversaries, individuals and foreign government entities alike, this bill is designed to mitigate threats, reduce vulnerabilities, and protect the nation’s information systems.
The House Intelligence Committee’s PCNA is innovative in its attempt to encourage the sharing of cybersecurity information between businesses and the federal government. By sharing information on threats and vulnerabilities, more companies and government agencies will have more information with which they can better protect their networks and data.
When the bill was first introduced, the bill had both pros and cons. Working for the bill is that it allows information to be used relatively broadly by the government to stop both cyber and physical threats. Since information sharing is primarily dealing with the coding of a virus, the vulnerability in a piece of software, or tracking down where a cyber attack came from, broad government use of this information is important.
The bill however is lacking on one major front: liability protection. PCNA falls short in protecting companies from the risk of litigation if they share information since it only provides “good faith” liability protection. “Good faith” is a vague standard of proof that can be easily challenged in court, which, in turn, causes private sector entities to hesitate in sharing information. Earlier this month, the Heritage Foundation recommended that Congress provide strong liability protection in order to encourage better information sharing.
This week, Chairman Devin Nunes, R-Calif., the sponsor of the PCNA bill and head of the House Intelligence Committee, released the manager’s amendment to clean up some of the loose sections of the bill. Among the fixes Nunes included was an improvement to the liability protections. Nunes struck the lines including the murky “good faith” and ensured that the more robust liability standard of “willful misconduct” is used.
This amendment will improve the quality of this bill when it comes to the House floor today. Without the amendment, companies may not be sufficiently protected to ensure they share information.
Information sharing between the private sector and federal government is a first step toward protecting U.S. computer networks and important personal and business information. The manager’s amendment takes an important step in solidifying the benefits of this legislation.