Lawmakers of all stripes acknowledge that the policy landscape has not kept up with the rapid emergence of online threats from hackers and state-sponsored attackers at home and abroad. But consensus about how to address the challenge has been tough to come by.

Fault lines in the debate have included which government agency should take the lead in securing civilian government and private-sector networks, concerns over privacy and civil liberties protections, emergency powers for the president and, principally, the extent to which an executive agency should have regulatory authority over operators of critical digital infrastructure in the private sector.

One bipartisan bill that has been in the Senate takes a comprehensive approach, and though it would not set up a cyber authority within the White House, it would grant the Department of Homeland Security new regulatory powers over private-sector operators. A GOP-backed bill in the upper chamber was as an alternative that would instead focus more narrowly on mechanisms to enable government and businesses to share information about cyber threats without concern for legal or regulatory consequences.