US House takes up bill designed to thwart cyberattacks

The US House of Representatives today is expected to pass long-awaited legislation designed to thwart cyberattacks by encouraging private companies to share information about the attackers' methods ith the government.
Many companies have been reluctant to share such internal data for fear of being sued, leaving both the firms and the government less equipped to battle an onslaught of cyberintrusions, including state-sponsored campaigns to steal American intellectual property.
The bill grants protection from liability if the companies follow certain procedures.
If passed, the bill would go to the Senate, where a similar measure has been introduced with bipartisan support. In a statement, the White House praised the bill while also expressing concerns about the House version, arguing that the liability protections in some cases went too far and could ultimately reduce the incentive for companies to report breaches.

The White House also called for language ensuring that data is not shared by businesses to thwart competition. Information sharing is badly needed, backers say, so that government agencies can help the private sector defend against sophisticated cyberattacks, many of which are undertaken by intelligence agencies in countries such as Russia, China, North Korea and Iran.
The House bill would grant companies liability protection if they stripped out personal information from the data and shared it in real time through a civilian portal, most likely run by the Department of Homeland Security.

Similar efforts have foundered in previous years over concerns by privacy groups that personal information held by companies would end up in the hands of the National Security Agency, the digital spying agency that is the country's foremost repository of cyberexpertise.

The House bill would allow the NSA to get the data, but not until private information had been removed.
The House bill is similar to a measure that was approved, 14-1, last month by the Senate Intelligence Committee. It's not markedly different from other competing proposals.
The compromise comes amid an increasing pace of cyberattacks against private companies, including one against Sony Pictures Entertainment that the U.S. Government says was carried out by North Korea.
The hackers damaged Sony computers and released secret corporate information. Another attack in late 2013 on the payment systems of US retail stores, including Target, exposed the credit and debit card numbers of millions of Americans.

US officials have long warned of the risks that cyberattacks could do physical damage, including poisoning water systems, blowing up chemical plants and shutting down parts of the U.S. Power grid.