After years of debate, cybersecurity legislation may pass this week, tucked inside the trillion-dollar federal spending bill.
The House and the Senate both have passed competing versions of cybersecurity legislation and pressed to negotiate a version they could pass before the end of the year. It's now part of the massive appropriations package, toward the end of the latest amended draft, which is expected to go up for vote later this week.
The focus of this legislation, called "The Cybersecurity Act of 2015," is to encourage companies to share with the government and each other technical details of hacking threats (for example, IP addresses or malicious code), as close to in real time as possible.
The Associated Press reports that the bill closely tracks the Senate version of the legislation, but with some changes:
"The bill allows the president to designate an agency other than the civilian Homeland Security Department to act as a portal for sharing cyber threats with the government only if DHS cannot and it is necessary. However, the Defense Department, including its National Security Agency, is specifically excluded for becoming an alternate portal."
One stumbling block to this legislation has been the companies' resistance to participation for fear of litigation. Congress has debated a way to include an incentive for participation, affording companies legal liability protections over the cyber threat information they end up sharing.
Supporters, which include business groups, say such cooperation between the private and the public sectors will help the country do a better job of fighting online attacks. Skeptics argue it won't change much.
As NPR's Aarti Shahani has reported, some data-sharing initiatives already exist between some industries and the government and there are also private subscription services. Legislation would create a new pipeline and formal procedures for broader adoption.
Online privacy advocates continue to oppose the cybersecurity language, saying its approach to scrubbing personal information from the shared data is not enough and gives government too much access to private data.
President Obama has promoted better information sharing and is expected to sign the budget bill once it passes Congress.