"The federal government's role in protecting U.S. citizens and critical infrastructure from cyber attacks has been the subject of recent congressional interest. Critical infrastructure commonly refers to those entities that are so vital that their incapacitation or destruction would have a debilitating impact on national security, economic security, or the public health and safety. This report discusses selected legal issues that frequently arise in the context of recent legislation to address vulnerabilities of critical infrastructure to cyber threats, efforts to protect government networks from cyber threats, and proposals to facilitate and encourage sharing of cyber threat information among private sector and government entities. This report also discusses the degree to which federal law may preempt state law. […] Private entities that share information may also be concerned that sharing or receiving such information may lead to increased civil liability, or that shared information may contain proprietary or confidential business information that may be used by competitors or government regulators for unauthorized purposes. Recent legislative proposals would seek to improve the nation's cybersecurity, and may raise some or all of the legal issues mentioned above. Some would permit information sharing between the public and the private sectors, while others would require all federal agencies to continuously monitor their computer networks for malicious activity and would impose additional cybersecurity requirements on all federal agencies and critical infrastructure networks. This report provides a general discussion of the legal issues raised by these proposals; however, a detailed description and comparison of these legislative proposals is beyond the scope of this report."
CRS Report for Congress, R42409