House intelligence committee leaders unveiled a bipartisan cybersecurity bill Tuesday amid signs of broad agreement on long-sought legislation that would allow private companies to share with the government details of how they are hacked, without fear of being sued.
"We're light years ahead of where we were last session," said Rep. Adam Schiff, the ranking Democrat on the committee, who briefed reporters on the bill with Chairman Devin Nunes.
The information sharing is badly needed, backers say, so that government agencies can help the private sector defend itself against sophisticated cyberattacks, many of which are undertaken by intelligence agencies in countries such as Russia, China, North Korea and Iran.
The House bill would grant companies liability protection if they stripped out personal information from the data and shared it in real time through a civilian portal, most likely run by the Department of Homeland Security.
Similar efforts have foundered in previous years over concerns by privacy groups that personal information held by companies would end up in the hands of the National Security Agency, the digital spying agency that is the country's foremost repository of cyber expertise. The House bill would allow the NSA to get the data, but not until it had been stripped of private information.
The House bill tracks closely with a similar bill approved, 14-1, two weeks ago by the Senate intelligence committee. It's not markedly different from other competing proposals. The White House, which threatened to veto the House-passed cyber measure last session over privacy issues, has not voiced a position on the current bill, but committee officials said informal consultations have been favorable.
"We're trying to balance all sides of this," Nunes said.
The compromise comes amid an increasing pace of cyberattacks against private companies, including one against Sony Pictures Entertainment that the U.S. government says was carried out by North Korea. The hackers damaged Sony computers and released secret corporate information.
U.S. officials have long warned of the risks that cyberattacks could do physical damage, including poisoning water systems, blowing up chemical plants and shutting down parts of the U.S. power grid.