Here’s an excellent article from the Christian Science Monitor’s Mark Clayton. There are two competing bills:
Lieberman-Collins is the slightly older bill, has support from the White House, and requires “critical infrastructure” companies to meet federal electronic security standards. Some critics think that this is such a high standard that it won’t cover a lot of important networks, and it doesn’t provide any oversight of ISPs or other technology industry companies—only companies whose operations are so important that disrupting them would cause “major damage to the economy, national security, or daily life” or “mass death.” (I would think that would fall under the “major damage to daily life” clause, but whatever.)
John McCain’s competing legislation is backed only by Republican senators and business groups and, according to McCain, has “no government monitoring, no government takeover of the Internet, and no government intrusions.” What it does have is—like CISPA—provisions to provide private entities immunity from lawsuits arising from privacy concerns.
Both the Lieberman-Collins bill and the McCain legislation have received poor reviews from privacy advocates. Lieberman-Collins has some privacy safeguards: It would require companies to anonymize the information they send to the government and use information received back from government only for cybersecurity. “Lieberman-Collins needs some substantial improvements, but overall is better for privacy than is CISPA,” writes Gregory Nojeim, senior counsel at the Center for Democracy and Technology, in an e-mail interview.
Of all three bills ostensibly designed to improve the nation’s cybersecurity, only Lieberman’s actually tries to include federal standards for what cybersecurity means. Businesses vastly prefer the two bills—CISPA and McCain’s—that say, in effect, “we won’t require you to actually make your networks more secure, just give us any information we might ask for later and we’ll promise you won’t be sued for it.”