Summary of Amendments Submitted to the Rules Committee for H.R. 1560 - Protecting Cyber Networks Act

Summaries Derived from Information Provided by Sponsors

Listed in Alphabetical Order

Apr 21, 2015 3:57 PM

Click on sponsor for amendment text

Cárdenas , Tony (CA)

#23

REVISED Instructs the SBA to provide assistance to small businesses and small financial institutions to participate under this section, instruct the SBA to generate a report about such entities participation and instruct the federal government to engage in out reach to encourage small business and small financial institution participation.

Carson (IN)

#6

Sunsets the bill after four years.

Carson (IN)

#7

REVISED Adds the requirement that the Inspector General report on current procedures pertaining to the sharing of information, removal procedures for personal information or information identifying a specific person, and any incidents pertaining to the improper treatment of information.

Carson (IN)

#8

Clarifies that a company’s defensive measures cannot impact or damage other networks, even unintentionally.

Carson (IN), Quigley (IL)

#9

Clarifies that information can be shared with other federal agencies only after the receiving entity removes Personally Identifiable Information (PII). It also clarifies that the receiving entity is responsible for determining which federal agencies are relevant to receive that information.

Castro (TX)

#16

Requires Inspectors General to secure online systems with encryption technologies for whistle-blower reports to thereby protect at a greater extent the identities of those who report federal waste, fraud, abuse, corruption or terrorism online

Connolly (VA), Blumenauer (OR)

#10

Requires the Director of National Intelligence to submit a report to Congress examining how the ability of the Federal Government and private entities to recruit talented cybersecurity professionals is impacted by the scheduling of marijuana (cannabis) as a schedule I drug with respect to granting security clearances to such personnel.

Connolly (VA)

#11

Limits the scope of the “notwithstanding any other provision of law” exemption to ensure that the Executive Branch and the Judicial Branch do not interpret this Act to authorize a private entity to disregard all other existing laws not related to those laws that impact the effective operation of a defensive measure by a private entity for a cybersecurity purpose, and to disregard the Computer Fraud and Abuse Act, in carrying out the provision authorizing the private entity to operate a defensive measure for a cybersecurity purpose.

Connolly (VA)

#12

Limits the scope of the "notwithstanding any other provision of law" exemption to prohibit authorizing a private entity to violate the Computer Fraud and Abuse Act.

Farenthold (TX), Issa (CA), Lofgren (CA), Polis (CO)

#19

Sunsets the Act on September 30, 2020

Hahn (CA)

#1

REVISED Directs the Secretary of Homeland Security to submit a report to Congress containing assessments of risks and shortfalls along with recommendations regarding cybersecurity at tier 1 ports.

Hahn (CA)

#2

Requires that ports conduct a cybersecurity risk assessment to be eligible to receive grants from the Port Security Grant program. Ports may also apply for a Port Security Grant for the expressed purpose of conducting a cybersecurity risk assessment.

Himes (CT)

#24

LATE Modifies the disclosure, retention, and use section of the bill to prevent the use of cyber threat indicators for the investigation and prosecution of non-computer related crimes.

Jackson Lee (TX), Polis (CO)

#13

Directs the Government Accountability Office (GAO) to provide a report to Congress on the actions taken by the Federal Government to remove personal information from data shared through the programs established by this statute.

Jackson Lee (TX)

#14

Provides a report Congressional oversight committees regarding civic participation in electronic public commenting activities that significantly impact the digital resources of Federal agencies, which could be misinterpreted by automated cyber defense mechanisms as cyber threats.

Lofgren (CA), Issa (CA), Polis (CO), Farenthold (TX)

#17

Amends the government use provision to conform with H.R. 1731 by limiting the use of cyber threat indicators and defensive measures for cybersecurity purposes only.

Lofgren (CA), Polis (CO)

#18

REVISED Prohibits agencies that receive cyber threat indicators from making requests that private entities alter their information systems in a way that weakens or allows circumvention of security functions.

Mulvaney (SC)

#22

Sunsets the provisions of the bill after 7 years.

Nunes (CA)

#5

MANAGER’S AMENDMENT REVISED Makes technical changes to several sections of the bill. Clarifies the authorization for the use of defensive measures. Further clarifies the liability protections for network monitoring and sharing and receipt of cyber threat indicators and defensive measures.

Polis (CO), Lofgren (CA)

#15

Requires a Federal entity in receipt of cyber threat indicators to remove any information it reasonably believes can identify a specific person unless the information is necessary to describe or mitigate a cybersecurity threat. Amends the Act's biennial reporting requirements to require an assessment of whether Federal entities have limited the sharing of personally identifiable information in accordance with this new standard.

Richmond (LA)

#20

Strikes immunizing companies that fail to act on timely threat information and clarifies that the Act has no impact on a duty to act on shared information.

Richmond (LA)

#21

Removes any and all potential exemptions from liability for willful misconduct by government actors.

Rothfus (PA)

#4

Sunsets the legislation’s authorizations three years after enactment.

Wilson, Joe (SC)

#25

LATE Requires a study to determine quantifiable metrics for cyber incidents.

Yoder (KS), Polis (CO)

#3

Amends the Electronic Communications Privacy Act, to update the privacy protections for electronic communications information that is stored by third-party service providers in order to protect consumer privacy interests while meeting law enforcement needs.