The U.S. Senate easily passed legislation on Tuesday aimed at bolstering the country's cyber defenses, advancing the first serious attempt in Congress to combat computer hacks that have hit a growing number of businesses and government agencies in recent years.
The bill, which would expand liability protections to companies that choose to voluntarily share cyber-threat data with the government, must be reconciled with two similar information-sharing measures that passed the House of Representatives earlier this year. It cleared the Senate by a vote of 74-21 with strong bipartisan support.
The White House announced support last week for the Senate bill, although it stated a desire for some revisions before it lands on President Barack Obama's desk.
The Cybersecurity Information Sharing Act, or CISA, is a proposal that languished in the Senate for several years partly because of privacy groups' concerns it would shuttle more personal information into the hands of the National Security Agency and other government spies.\
See recent large data breaches:
Notable data breaches in the US
Senate approves major cybersecurity bill
Credit reporting company Equifax Inc. corporate offices are pictured in Atlanta, Georgia, U.S., September 8, 2017. REUTERS/Tami Chappell
LONDON, ENGLAND - AUGUST 19: A detail of the Ashley Madison website on August 19, 2015 in London, England. Hackers who stole customer information from the cheating site AshleyMadison.com dumped 9.7 gigabytes of data to the dark web on Tuesday fulfilling a threat to release sensitive information including account details, log-ins and credit card details, if Avid Life Media, the owner of the website didn't take Ashley Madison.com offline permanently. (Photo by Carl Court/Getty Images)
Katherine Archuleta, director of the U.S. Office of Personnel Management (OPM), speaks during a House Oversight and Government Reform Committee hearing on the OPM data breach in Washington, D.C., U.S., on Wednesday, June 24, 2015. U.S. senators said yesterday they doubt the government's personnel office understands the breadth of a computer hack that exposed the records of more than 4 million federal workers, or that the agency can stop another breach. Photographer: Andrew Harrer/Bloomberg via Getty Images
WASHINGTON, DC - JUNE 05: The entrance to the Theodore Roosevelt Federal Building that houses the Office of Personnel Management headquarters is shown June 5, 2015 in Washington, DC. U.S. investigators have said that at least four million current and former federal employees might have had their personal information stolen by Chinese hackers. (Photo by Mark Wilson/Getty Images)
SCHAUMBURG, IL - AUGUST 04: A statue of a horse stands at the entrance to a P.F. Chang's restaurant on August 4, 2014 in Schaumburg, Illinois. P.F. Chang's China Bistro Ltd. said today that the company experienced a data breach involving customers' credit and debit card information which affected 33 restaurants in 16 states, including the Schaumburg, Illinois location. (Photo by Scott Olson/Getty Images)
PORTLAND, ME - AUGUST 15: Shaws on Congress Street on Friday, July 15, 2014. Shaws parent company is investigating a possible data breach. (Photo by Logan Werlinger/Portland Press Herald via Getty Images)
COLMA, CA - APRIL 18: Customers enter a Michaels art and crafts store on April 18, 2014 in Colma, California. Michaels, the largest arts and crafts chain in the U.S., announced that an estimated 2.6 million cards used at its stores across the country may have been affected by a security breach. Aaron Brothers, a subsidiary of Michaels, was also affected by the breach. (Photo by Justin Sullivan/Getty Images)
CORAL GABLES, FL - FEBRUARY 28: A checkout keypad is seen at a Sears store on February 28, 2014 in Coral Gables, Florida. According to reports the U.S. Secret Service is investigating a possible digital attack at Sears Holdings Corp. (Photo by Joe Raedle/Getty Images)
A couple of shoppers leave a Target store on a rainy afternoon in Alhambra, California on December19, 2013, as the US retail giant said some 40 million customers may have had bank card data compromised by hackers who broke into its database as holiday shopping got underway. Target said there had been 'unauthorized access' to its payment system in US stores affecting credit and debit cards with approximately 40 million credit and debit cards possibly affected by the breach between November 27 and December 15, the company said in a statement. AFP PHOTO / Frederic J. Brown (Photo credit should read FREDERIC J. BROWN/AFP/Getty Images)
Discover More Like This
BACK TO SLIDE
But business interests, including the Chamber of Commerce, have argued an information-sharing law is necessary to allow the private sector to cooperate more closely with the government on detecting and minimizing cyber threats without fear of lawsuits.
A round of amendments intended to strengthen some of the bill's privacy protections failed on Tuesday as the bill's bipartisan sponsors warned last-minute changes could upset the balanced language that was the culmination of years of negotiations.
Skeptics of CISA have said it would do little to prevent malicious breaches like the kind that crippled Sony Pictures last year, which the Obama administration publicly blamed on North Korea, or recent thefts of data from companies like Target, Home Depot or Anthem Insurance.
Even some of the bill's supporters have conceded the bill is a small first step to shore up U.S. cyber defenses, which are constantly under assault by hacking groups and foreign nation-states like China and Russia, according to government officials.
Senate Democratic leader Harry Reid said on Tuesday that CISA was "far too weak."
The bill's passage through the Senate was a defeat for digital privacy activists who celebrated the passage in June of a law effectively ending the NSA's bulk collection of U.S. call metadata.
The curtailment of that program, which had been exposed in 2013 by former NSA contractor Edward Snowden, represented the first significant restriction of the U.S. government's intelligence-gathering capabilities since the Sept. 11, 2001, attacks.