[Congressional Record (Bound Edition), Volume 161 (2015), Part 4]
[Extensions of Remarks]
[Page 5691]
[From the U.S. Government Publishing Office, www.gpo.gov]




                        H.R. 1560 AND H.R. 1731

                                  _____
                                 

                           HON. NITA M. LOWEY

                              of new york

                    in the house of representatives

                        Tuesday, April 28, 2015

  Mrs. LOWEY. Mr. Speaker, I rise in tepid support of H.R. 1560 and 
H.R. 1731, which would bolster our cyber defenses by supporting 
information sharing between the private sector and government.
  Public and private sector networks are under constant attack. 
Security experts and government officials alike have cautioned that as 
we become more interconnected and dependent on cyber networks for 
everyday aspects of life, the more susceptible we are to crippling 
cyber attacks. The attack on Sony Pictures, the major breach at Anthem 
that compromised personal information for nearly 80 million people, and 
the breaches at national retailers like Target and Home Depot 
demonstrate that information sharing legislation is needed. In the face 
of such extreme threats, Congress must enact robust protective measures 
that safeguard civil liberties.
  The two bills we are considering this week make significant 
improvements compared to CISPA, which passed the House last Congress. 
While CISPA did not require the private sector to remove personal 
information before sharing that information with the government or 
other non-government entities, H.R. 1560 and H.R. 1731 would require 
private entities to remove any personal information before sharing, 
after which the government would be required to conduct a second scrub.
  While I will support H.R. 1560 and H.R. 1731, improvements should be 
made in conference with the Senate. As drafted, the bills could provide 
sweeping liability protections to operators of critical infrastructure 
that do not take adequate defensive measures or share information about 
attacks against their networks. The liability protections are currently 
so broad that they could even provide immunity to entities that act 
negligently.
  Congress has not passed major cyber security legislation since 2002. 
While this week's bills are not perfect and should be improved, they 
would enhance our cyber defenses.

                          ____________________