H.R. 1731 - National Cybersecurity Protection Advancement Act of 2015

Bill Text

    Text of H.R. 1731 PDF XML

    National Cybersecurity Protection Advancement Act of 2015 (as introduced)

    Rules Committee Print 114-12 PDF XML

    Showing the text of the bill as ordered reported by the Committee on Homeland Security.  

    H. Rept. 114-83 PDF

    Report from the Committee on Homeland Security

Rule Information

COMMITTEE ACTION:
REPORTED BY VOICE VOTE on Tuesday, April 21, 2015.

FLOOR ACTION ON H. RES. 212 
Agreed to by record vote of 238-182, after agreeing to the previous question by record vote of 237-179, on Wednesday, April 22, 2015

MANAGERS: Collins (GA)/Polis

1. Structured rule for H.R. 1560.

2. Provides one hour of general debate equally divided and controlled by the chair and ranking minority member of the Permanent Select Committee on Intelligence.

3. Waives all points of order against consideration of the bill.

4. Makes in order as original text for the purposes of amendment the amendment in the nature of a substitute recommended by the Permanent Select Committee on Intelligence now printed in the bill and provides that it shall be considered as read.

5. Waives all points of order against the amendment in a nature of a substitute.

6. Makes in order only those further amendments printed in part A of the Rules Committee report. Each such amendment may be offered only in the order printed in the report, may be offered only by a Member designated in the report, shall be considered as read, shall be debatable for the time specified in the report equally divided and controlled by the proponent and an opponent, shall not be subject to amendment, and shall not be subject to a demand for division of the question.

7. Waives all points of order against the amendments printed in part A of the report.

8. Provides one motion to recommit with or without instructions.

9. Structured rule for H.R. 1731.

10. Provides one hour of general debate equally divided and controlled by the chair and ranking minority member of the Committee on Homeland Security.

11. Waives all points of order against consideration of the bill.

12. Makes in order as original text for the purpose of amendment an amendment in the nature of a substitute consisting of the text of Rules Committee Print 114-12 and provides that it shall be considered as read.

13. Waives all points of order against that amendment in the nature of a substitute.

14. Makes in order only those further amendments printed in part B of the Rules Committee report. Each such amendment may be offered only in the order printed in the report, may be offered only by a Member designated in the report, shall be considered as read, shall be debatable for the time specified in the report equally divided and controlled by the proponent and an opponent, shall not be subject to amendment, and shall not be subject to a demand for division of the question.

15. Waives all points of order against the amendments printed in part B of the report.

16. Provides one motion to recommit with or without instructions.

17. Section 3 of the rule directs the Clerk to, in the engrossment of H.R. 1560, add the text of H.R. 1731, as passed by the House, as a new matter at the end of H.R. 1560 and make conforming modifications in the engrossment.

18. Provides that upon the addition of the text of H.R. 1731, as passed by the House, to the engrossment of H.R. 1560, H.R. 1731 shall be laid on the table.

Amendments (click headers to sort)

#Version #Sponsor(s)PartySummaryStatus
23Version 1Amash (MI)RepublicanClarifies that an entity may still provide through enforceable contract that it will not share personally identifiable information with the federal government.Submitted
24Version 1Amash (MI), Thompson, Bennie (MS)Bi-PartisanSunsets the bill 3 years after enactment.Submitted
25Version 1Amash (MI)RepublicanEnsures cyber threat information shared under the bill cannot be used for law enforcement purposes unrelated to cybersecurity.Submitted
26Version 1Amash (MI)RepublicanStrengthens the bill’s reporting requirements to include information on how Federal agencies handle cyber threat information shared under the bill and how much personal information is shared that’s unnecessary to protect a network or information system from cybersecurity risks.Submitted
27Version 1Amash (MI)RepublicanEnsures non-Federal entities remain liable for acting in reckless disregard of the bill’s requirements concerning the removal of personally identifiable information that’s unrelated to a cybersecurity threat.Submitted
28Version 1Amash (MI)RepublicanEnsures common law remedies are still available.Submitted
29Version 1Amash (MI)RepublicanEnsures entities need not have acted intentionally to achieve a wrongful purpose to be liable under the bill and allows plaintiffs to show through preponderance of the evidence that an entity is guilty of willful misconduct.Submitted
30Version 1Amash (MI)RepublicanStrengthens the protection against the federal government’s use of cyber threat information for regulatory purposes and clarifies the restriction on coercing entities to share such information.Submitted
31Version 1Amash (MI)RepublicanRemoves the liability waiver.Submitted
32Version 1Amash (MI)RepublicanEnsures the federal government is liable for recklessly violating the bill’s restrictions on the use and protection of information shared under the bill.Submitted
22Version 2Carter, Buddy (GA)RepublicanWithdrawn Provides enhanced protection and certainty to companies serving as vital commercial infrastructure and handling sensitive information that could be used against the interests of the United States.Withdrawn
6Version 1Castro (TX)DemocratMakes self-assessment tools available to small and medium-sized businesses to determine their level of cybersecurity readiness Made In Order
7Version 1Castro (TX), Cuellar (TX), Doggett (TX), Hurd (TX), Smith, Lamar (TX)Bi-PartisanCodifies the establishment of the National Cybersecurity Preparedness Consortium (NCPC) made up of university partners and other stakeholders who proactively coordinate to assist state and local officials in cyber security preparation and prevention of cyber attacks Made In Order
8Version 1Connolly (VA), Blumenauer (OR)DemocratRequires the Director of National Intelligence to submit a report to Congress examining how the ability of the Federal Government and private entities to recruit talented cybersecurity professionals is impacted by the scheduling of marijuana (cannabis) as a schedule I drug with respect to granting security clearances to such personnel. Submitted
9Version 1Connolly (VA)DemocratLimits the scope of the “notwithstanding any other provision of law” exemption to explicitly prohibit the authorization of a non-Federal entity to violate the Computer Fraud and Abuse Act. Submitted
10Version 1Connolly (VA)DemocratLimits the scope of the “notwithstanding any other provision of law” exemption to ensure that the Executive Branch and the Judicial Branch do not interpret this Act to authorize a non-Federal entity to disregard all laws not related to those laws that impact the effective operation of a defensive measure by a non-Federal entity for a cybersecurity purpose, and to disregard the Computer Fraud and Abuse Act, in carrying out the provision authorizing the non-Federal entity to operate a defensive measure for a cybersecurity purpose. Submitted
39Version 2Hahn (CA)DemocratLate Revised Directs the Secretary of Homeland Security to submit a report to Congress containing assessments of risks and shortfalls along with recommendations regarding cybersecurity at most at risk ports. Made In Order
35Version 1Hurd (TX)RepublicanAuthorizes the existing Einstein 3A (E3A) program.Made In Order
19Version 1Issa (CA), Lofgren (CA), Farenthold (TX), Thompson, Bennie (MS)Bi-PartisanSunsets provisions of the bill in 2020.Submitted
11Version 1Jackson Lee (TX)DemocratAmends the reports' sunset provision in the bill by providing a 90 day notice to Congressional oversight committees and the public prior to sunset of all required written reports to Congress in this bill. Submitted
12Version 4Jackson Lee (TX), Polis (CO)DemocratRevised Provides for a Government Accountability Office (GAO) report to Congress 5 years after enactment to assess the impact of this act on privacy and civil liberties.Made In Order
13Version 1Jackson Lee (TX)DemocratSeeks a GAO report to Congressional oversight committees on the definition of personally identifiable information (PII) in the context of digital communications. PII is information that on its own or in conjunction with other information can uniquely identify a person. Submitted
14Version 1Jackson Lee (TX)DemocratProvides a definition for “resilience,” which is “the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions, including the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.” Submitted
15Version 1Jackson Lee (TX)DemocratAdds additional emphasis on industrial control systems that are essential to mass production, processing and delivery of food, medicines and medical devices. Industrial control systems are prevalent in mass production of a wide range of consumer and industry products. Submitted
16Version 1Jackson Lee (TX)DemocratEnsures that federal agencies supporting cybersecurity efforts of private sector entities remain current on innovation; industry adoption of new technologies; and industry best practices as they relate to industrial control systems.Made In Order
17Version 1Jackson Lee (TX)DemocratRequires a report to Congress on the best means for aligning federally funded cybersecurity research and development with private sector efforts to protect privacy and civil liberties while assuring security and resilience of the Nation’s critical infrastructure.Made In Order
33Version 1Katko (NY), Lofgren (CA), Eshoo (CA), McClintock (CA)Bi-PartisanAmends Section 226 of the Homeland Security Act of 2002 by refining the definition of cyber ‘incident’ to explicitly restrict information sharing to incidents that are directly related to protecting information systems.Made In Order
21Version 1Langevin (RI)DemocratClarifies that the term "cybersecurity risk" does not apply to actions solely involving violations of consumer terms of service or consumer licensing agreements.Made In Order
20Version 2Lofgren (CA), Polis (CO)DemocratRevised Prohibits agencies that receive cyber threat indicators from making requests that private entities alter their information systems in a way that weakens or allows circumvention of security functions.Submitted
34Version 1McCaul (TX), Ratcliffe (TX)RepublicanMANAGER’S AMENDMENT Makes technical corrections and further clarifies the provisions of the bill.Made In Order
5Version 1McClintock (CA)RepublicanReplaces the overly broad definition of "incident" in Homeland Security Act with narrow language that ensures that activities triggering the sharing provisions are true cyber security threats. Submitted
38Version 1Mulvaney (SC), Thompson (MS)Bi-PartisanSunsets the provisions of the bill after 7 yearsMade In Order
18Version 1Polis (CO), Amash (MI), Lofgren (CA)Bi-PartisanProhibits a Federal entity or state, local, or tribal government from sharing any personally identifiable information it receives unless it is necessary to describe or mitigate a cybersecurity threat.Submitted
36Version 1Richmond (LA)DemocratRemoves all potential exemptions from liability for willful misconduct by government actors.Submitted
37Version 1Richmond (LA)DemocratStrikes immunizing companies that fail to act on timely threat information and clarifies that the Act has no impact on a duty to act on shared information.Submitted
4Version 1Rothfus (PA), Thompson, Bennie (MS)Bi-PartisanSunsets the legislation’s authorizations three years after enactment.Submitted
1Version 1Sanchez, Loretta (CA)DemocratAdds a provision that would ensure the Center informs the public of any violations of the privacy and civil liberties protections. Submitted
2Version 1Thompson, Bennie (MS)DemocratSunsets the Act seven years after enactment.Submitted
3Version 1Yoder (KS), Polis (CO)Bi-PartisanAmends the Electronic Communications Privacy Act, to update the privacy protections for electronic communications information that is stored by third-party service providers in order to protect consumer privacy interests while meeting law enforcement needs.Submitted