Jessica Herrera-Flanigan

Jessica Herrera-Flanigan is a contributor for Nextgov.

Upcoming Senate Cyber Bill: No SOPA Here Folks...


In the last couple of days, a number of blogs and stories have popped up questioning whether the Senate cybersecurity legislation to be introduced next week incorporates the ill-fated SOPA/PIPA legislation or is somehow going to harm the Internet as many claimed SOPA/PIPA would.

Now, I have reviewed the drafts of the cybersecurity bill. I know a bit about cybersecurity. Cybersecurity has been a friend of mine. And, quite simply, the proposed cybersecurity legislation is no SOPA/PIPA.

The proposed cybersecurity legislation, at least in the drafts that have circulated, addresses a serious problem: the vulnerability of the networks and computers that run our lives. It provides for the development of a cybersecurity workforce, for research and development, and for assurance that individuals are trained in proper cybersecurity practices. The bill also fixes the Federal Information Systems Management Act (FISMA), which dictates how the government protects its own systems. Some versions also address how providers of critical infrastructure (e.g., the electric grid, nuclear plants, telecommunications networks) protect their systems and how information is shared across sectors and between the government and the private sector. It addresses cybercrime penalties.

Essentially, in concept, the bill aims to protect us from bad actors. It continues to be tweaked to address issues raised by the private sector and privacy groups, but that is the normal legislative process of reaching consensus. The SOPA/PIPA debate was an industry-vs-industry fight that evolved into the content and Silicon Valley industries each trying to preserve its own vision of the future of technology and intellectual property.

There is no industry-vs-industry fight here. The government has been struggling to counter cyber threats for decades. For almost as long, we've heard of the struggle to secure critical infrastructure, 85 percent of which is owned by the private sector. The fight here is not tech versus traditional but us versus the hackers, foreign nations, and rogue actors who could destroy the very technology that enables so much in our lives.

I understand the fear among some lawmakers about tackling another "SOPA/PIPA" after the grassroots efforts to sideline those bills. But SOPA/PIPA, for the good of the nation, should not be equated with all tech issues. The phrase "Internet legislation" should be neither a bad word nor a forbidden one. Smart legislating that assures that innovation and the Internet thrive, while also protecting the security of both, should be our goal.

Quite simply, let's not fall into a trap that equates cybersecurity with SOPA/PIPA. It doesn't serve our computer networks or our nation's security well.

Cyber Legislation 101: Keeping Track of the Moving Pieces


This week, the House Homeland Security Committee marked up the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act (PRECISE Act, H.R. 3674), sponsored by Rep. Dan Lungren, R-Calif. The bill tackles multiple cybersecurity issues and creates a new information sharing organization called NISO.

Next week the Energy and Commerce Committee will hold a hearing on cybersecurity, though the focus of the hearing remains in flux, at least publicly. Also waiting in the wings is another bill, the Cyber Intelligence Sharing and Protection Act of 2011 (H.R. 3523) by Rep. Mike Rogers, R-Mich., Chairman of the House Intelligence Committee, which also tackles information sharing. There seems to be some debate about whether the Rogers bill complements or competes with the Lungren bill, and it remains unclear whether both bills will move through the House, whether one will prevail or, in the worst-case scenario, whether neither advances. There is also the cyber R&D bill of Rep. Michael McCaul, R-Texas, the Cybersecurity Enhancement Act of 2011 (H.R. 2096), which passed through the Science and Technology Committee last year and is largely viewed as noncontroversial.

On the Senate side, a much-awaited comprehensive bill tackling FISMA reform, governmental authorities, critical infrastructure protection, R&D, information sharing, data breaches, and miscellaneous provisions is expected any day, although its "comprehensive" nature appears less likely every day. It is not clear whether enough consensus exists around the data breach and information sharing sections to allow them to be included, though the various pieces of the bill seem to be moving hourly. Opposition to the Senate comprehensive effort has been voiced by several Republican Senators as well as by groups such as the Chamber of Commerce, though no alternative legislation has been offered in place of the comprehensive approach.

The Chamber, in a letter this week, called for "slowing" the process, asked for hearings and said the Senate was moving too quickly to get a bill to the floor that has not had adequate vetting and discussion. In reading the letter, I wasn't sure whether the Chamber has been following the same cybersecurity bills many of us have been following -- the effort to move cybersecurity legislation in the Senate dates back to at least 2009, when Sens. Rockefeller and Snowe of the Senate Commerce Committee introduced a cybersecurity bill that was soon followed by a competing bill introduced by Sens. Lieberman and Collins of the Homeland Security and Government Affairs Committee. Three years, numerous hearings, and dozens of drafts later, there appears to be more consensus than competition, as the two Committees, with input from other Committees, have come up with the latest versions of the various sections mentioned earlier.

Perhaps there should be one more hearing, if for no other reason than to lay out clearly, for those who seem to have missed it, all the work that has been done to move our nation's cybersecurity efforts forward, and to have a discussion about the issues that remain unresolved. For those remaining unresolved issues, let's get the various interests together publicly to put their ideas on the table on how to address them. And for those folks who don't have ideas, to quote Sidney Harris, "if you're not part of the solution, you're part of the problem."

That said, there may well be a few items where disparate views and solutions make it difficult to resolve the proper path forward. For those issues, the question should be: how critical are they, and can we move forward without them and still make progress? If the answer is yes, then cybersecurity legislation should move forward. If the answer is no, then we have a big problem, and some of us may want to reevaluate the skepticism we've held for our Luddite brethren.

However you look at it, February is turning into quite the month for cybersecurity.

Cybersecurity - What are the Real Privacy Concerns?


The Associated Press reported this morning on a study to be released by The Constitution Project that concludes Americans should be concerned about the federal government's public-private partnership efforts to share information. Specifically, the AP states that the report raises concerns about "sensitive personal information of people who work for or communicate with [private sector companies sharing information] could be improperly or inadvertently disclosed." In addition, the Constitution Project has found that the government "runs the risk of establishing a program akin to wiretapping all network users' communications."

Ensuring that we protect privacy is important, but, at the same time, if there truly is going to be a public-private partnership to further our efforts on cybersecurity, we must be careful not to overly restrict efforts to share information used to evaluate the threats and vulnerabilities that are leaving our nation more exposed each day. Safeguards are certainly needed, but we need to ensure that they are not so onerous as to make any effective information sharing impossible.

Without an effective information sharing regime, Congress, the administration and the private sector will continue to struggle to formulate a comprehensive mechanism for making sure we know who is attacking so many websites, whether they're selling shoes, military weapons or a president's fitness challenge, what is being taken, and why the sites are being attacked and ransacked of data. Also, privacy cannot be addressed in a vacuum -- the government should be careful not to overly restrict its public-private partnerships by holding them to a standard that is antiquated in today's social-media-driven society, where information is freely shared and available.

Quite simply, information sharing for cybersecurity must be a golden mean between privacy, functionality, and effectiveness.

President's Challenge Site: Temporarily Hack[y] Sacked?

Visitors to the President's Challenge Physical Activity, Nutrition and Fitness Awards program website on Thursday were in for a surprise when instead of the fitness page they received the following message:

Site Maintenance

We're taking a little breather.

Our site is down temporarily for maintenance. It'll be up and running again soon, though. In the meantime, we hope you'll get up and go running--or participate in some other activity you enjoy.

The Challenge, a long-standing program of the President's Council on Fitness, Sports and Nutrition, had a bigger surprise for those who had accounts on the site. Account holders received the following message:

Hackers recently accessed our database, which included personal information such as your username, password, security question and answer, email address, date of birth, city and state, and, if you provided it, your name. The hackers were also able to access data such as your logged activities, your nutrition goals, what groups you are in, and messages you had sent and received within the online tracker.

After we learned about the attack, we quickly took down the President's Challenge website on January 11 and began the process of determining what information the hackers accessed and how it may affect you. We also contacted law enforcement to alert them to the hackers' illegal activity.

It is unclear who attacked the site or why. What is known is that there has been a strong connection in the past year between the Challenge and the Let's Move program promoted by First Lady Michelle Obama, which leaves one to wonder:

-- Was it a political attack by those supporting commentators who have criticized the first lady for promoting fitness while enjoying that occasional french fry? Doubtful.

-- Is a certain nation-state that shall remain unnamed, in addition to allegedly promoting hacks into our government and company systems, now looking for information on how healthy we are, what exercise programs we prefer, and what we think we should be eating? Hmmm . . . this would bring a whole new dynamic to the information warfare realm.

-- Is it a revolt against the fitness wave by some stereotyped self-proclaimed nerd or geek, whatever his age? Unknown, but always a possibility.

-- Or, is this part of the hacktivist movement against organized exercise efforts that could make Americans conform to fitness norms and structures? Doubtful, especially as Anonymous has not claimed the attack and its members were preoccupied the past week attacking Justice, Universal Music, and other government sites and content providers for their support of the SOPA/PIPA bills being debated in Congress.

Law enforcement is investigating so we may know soon enough who was behind the attack on the site that was helping Americans battle the bulge.

The Debate Over What's Private or Public Online Is Just Warming Up


On Thursday, the Electronic Privacy Information Center sent a letter to the Federal Trade Commission requesting that the agency investigate Google's recent announcement to integrate its social network, Google+, into search results.

The letter asserts a number of charges relating to competition and privacy. One of the issues raised is that the change makes users' personal data more available in the public realm. The letter quotes James Grimmelmann, an associate professor at New York Law School, noting that the change "breaks down a very clear conceptual divide between things that are private and things that are public online."

This issue is an interesting one in the larger social networking realm. As we put more information online, how public should our private information be? What is private anyway? What do I consider private, and does that depend on the class of information?

Indeed, the underlying questions have led to a new wave of social networking sites that seem to be turning the Facebook/Google model of sharing information on its head. These innovators allow individual users to set boundaries around types of information, controlling who (if anyone) gets to see it.

One emerging company that has been making the news lately is Personal, which allows a user to add "gems" and data to their own private and secure data vault. The site even tells users how they can monetize their data. The site stresses its use of security, privacy and encryption to keep user information secure. Other companies, such as Singly and Greplin, allow users to search their own online data and activity to better understand what they are doing or want to do online.

From a security standpoint, allowing users to manage their information in a private controlled environment is an interesting concept -- assuming that the security tools used are strong enough to resist attacks and prying eyes. Not only could social networking be revolutionized by these user-controlled data structures, the structures could create unique legal issues. If a person's data is truly private, what access, if any, should the company enabling the privacy have? How could that affect law enforcement efforts and the use of such laws as the Electronic Communications Privacy Act?

As the privacy pendulum swings to benefit the user, expect a great deal of scrutiny of the security elements of "private" sites.