Amendment No. 1—Expands eligibility to participate in the information sharing program to include "critical infrastructure" owners and operators such as airports, utilities, and public transit systems, to receive cyber threat information and better secure their networks.
Conyers (D-MI): Amendment No. 2—Strikes the criminal and civil liability exemption for decisions made based upon cyber threat information identified, obtained, or shared under this Act.
Amendment No. 3—Clarifies the bill’s liability provision that the use of cybersecurity systems is the use of such systems to identify and obtain cyber threat information.
Amendment No. 4—Adds a provision to clarify that regulatory information already required to be provided remains subject to FOIA requests, as under current law.
Jackson-Lee (D-TX): Amendment No. 5—Authorizes the Secretary of Homeland Security to intercept and deploy countermeasures with regard to system traffic for cybersecurity purposes and risks to federal systems.
Amendment No. 6—Limits government use of shared cyber threat information to only 5 purposes: 1) cybersecurity; 2) investigation and prosecution of cybersecurity crimes; 3) protection of individuals from the danger of death or physical injury; 4) protection of minors from child pornography or risk of sexual exploitation; and 5) protection of the national security of the United States.
Amendment No. 7—Prohibits the federal government from using, among other things, library records, firearms sales records, and tax returns that it receives from private entities under this Act.
Amendment No. 8—Authorizes the federal government to create reasonable procedures to protect privacy and civil liberties, consistent with the needs of cybersecurity. The amendment would also prohibit the federal government from retaining or using information shared pursuant to the Act for anything other than a use permitted under the provisions in the bill.
Amendment No. 9—Add a requirement to include a list of all federal agencies receiving information shared with the federal government to the report from the Inspector General of the Intelligence Community required under the bill.
Richardson (D-CA): Amendment No. 10—Adds a provision allowing a department or agency of the federal government to provide cyber threat information to owners and operators of "critical infrastructure".]
Amendment No. 11—Clarifies that nothing in the bill would alter existing authorities or provide new authority to any federal agency, including Department of Defense, National Security Agency, Department of Homeland Security, or the Intelligence Community to install, employ, or otherwise use cybersecurity systems on private sector networks.
Amendment No. 12—Adds a provision stating that entities who choose not to participate in the voluntary information sharing authorized by this bill are not subject to new liabilities.
Amendment No. 13—Narrows definitions in the bill regarding what information may be identified, obtained, and shared.
Amendment No. 14—Makes a technical correction to definitions in Section 2 (g) to provide consistency with other cyber security policies within the Executive branch and the Department of Defense.
Amendment No. 15—Sunsets the provisions of the bill five years after the date of enactment.
Paulsen (R-MN): Amendment No. 16—Encourages international cooperation on cyber security where feasible.