
CISPA is very short and merely establishes a voluntary mechanism by which a power grid operator (for instance) could subscribe to an iDefense-like service operated by the government to get updates about attacks and push back updates about probes they themselves had noticed.

Lieberman-Collins does the same thing, but also establishes a "cybersecurity tip line" and a regulatory regime for who in the FedGov can receive info from that tip line, something like 20 different new research mandates, a certification program from critical infrastructure operators that exempts them from civil liability, a mandatory periodic research report to Congress on DNSSEC, a retention program for cybersecurity workers in the government, new GSA regulations making sure that people don't buy fake Cisco routers, and like 40 other things I forgot after reading the bill.



Nice! I was being somewhat facetious so hopefully people came to the conclusion themselves that the situation is nothing like what the title of this thread is describing. Pretty sad that the copyright lobby has poisoned the water so badly that "get out your pitchforks!" will be a standard reaction to any cybersecurity legislation for years to come :-(.

From the Federal News Talk Radio article, I don't see why any of the following are unnecessary or wasteful. Sounds pretty straightforward and at least somewhat useful to me:

One subsection would ask industry to voluntarily submit cyber threat information to the government. The draft order says this data wouldn't be used for regulatory purposes or used against companies. Sources say there aren't any liability protections in the EO because that could only come from Congress.

A second subsection would require DHS to undertake privacy assessments of the data they collect around critical infrastructure.

A third subsection limits what critical infrastructure is included under the draft EO, and makes clear that First Amendment protections will apply to how the government identifies critical infrastructure.

A fourth subsection would address acquisition and the preferences for products and services that meet the cyber standards developed by the DHS-led council.

The final subsection would call for a report within 120 days discussing possible incentives such as liability protection, expedited security clearances and recognition by the government that the critical-infrastructure owner and operator meet the voluntary standards.



