Business executives and national security leaders are of one mind over the need to improve the security of computers that control elements critical to the U.S. infrastructure. But the two groups are divided over the question of who should bear the responsibility for that effort. The cybersecurity debate is complicated by the important fact that most critical elements of the U.S. infrastructure, from the electric grid to the telecommunications system, are privately held. If a U.S. adversary attacked the computer networks that control those systems, the companies that own them would have to take care of the networks themselves. Some security experts have raised questions about whether private industries are up to the challenge of defending against cyber attacks and whether the subject is getting adequate attention from corporate boards and senior executives.

Enter Congress. In April, lawmakers introduced a variety of bills intended to bolster cybersecurity. The main difference among them appeared to be whether the government should require companies to build up their cyber defenses or just encourage them to do so.

However, as the legislation took shape, another controversy emerged and has taken center stage. The new debate is over privacy protections. The new cybersecurity legislation, officially named the Cyber Intelligence Sharing and Protection Act (CISPA), passed the House on a bipartisan vote of 248-168 late on Thursday, April 26, 2012. But amid concerns that the bill does not sufficiently protect individuals' privacy, the legislation ran into a significant pushback at midweek that portends further wrenching adjustments before a final bill can emerge from the Senate.

CISPA allows private companies to voluntarily share information with certain governmental agencies including, among others, the National Security Agency in order to identify and defeat cyber attacks. The information sharing would be voluntary to avoid imposing new regulations on businesses, an imperative for Republicans...