Here is the Administration’s Statement of Administration Policy on the Lieberman-Collins bill. On the regulatory provisions and the information-sharing liability provisions they are drawing a line in the sand:
The revised bill contains critical-infrastructure protection measures that are less robust than in earlier drafts, but would still produce meaningful cybersecurity improvements. However, the Administration would not support amendments that would weaken the critical infrastructure protection measures in the legislation, including: (1) reducing the Federal Government’s existing roles and responsibilities in coordinating and endorsing the outcome-based cybersecurity practices; (2) weakening the statutory authorities of the Department of Homeland Security to accomplish its critical infrastructure protection mission; or (3) substantially expanding the narrowly-tailored liability protections for private sector entities. While liability limitations are necessary to encourage information sharing, overly broad immunities from legal obligations would undermine the very trust that the bill seeks to strengthen.