OpenCongress Blog

Blog Feed Comments Feed More RSS Feeds

The Cybersecurity Act

April 28, 2009 - by Donny Shaw

“America’s vulnerability to massive cyber crime, global cyber espionage, and cyber attacks has emerged as one of the most urgent national security problems facing our country today,” says Sen. Olympia Snowe [R, ME]. "If we fail to take swift action, we, regrettably, risk a cyber-Katrina.”

To deal with the issue, she has teamed up with Sen. Jay Rockefeller [D, WV] (pictured) and introduced into Congress the Cybersecurity Act of 2009. Since it’s introduction on April 1st, it has moved up the OpenCongress most-viewed bills list into the top five, and here’s why: it would give the President unilateral authority to shut down the internet.

No joke. I know this sounds a little paranoid, so here are a couple of key excerpts directly from the bill’s text (link and link):

SEC. 18. CYBERSECURITY RESPONSIBILITIES AND AUTHORITY.

The President -

[…]

(2) may declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network;

[…]

(6) may order the disconnection of any Federal Government or United States critical infrastructure information systems or networks in the interest of national security;
SEC. 14. PUBLIC-PRIVATE CLEARINGHOUSE.

[…]

(b) FUNCTIONS- The Secretary of Commerce –

(1) shall have access to all relevant data concerning [Federal Government and private sector owned critical infrastructure information systems and] networks without regard to any provision of law, regulation, rule, or policy restricting such access;

As Jennifer Granick of the Electronic Frontier Foundation points out, the language in the second excerpt would give the Commerce Department “absolute, non-emergency access to ‘all relevant data’ without any privacy safeguards like standards or judicial review.”

Of course, the scope of these new powers ultimately comes down to how the phrase “Federal Government and private sector owned critical infrastructure information systems,” which is mentioned repeatedly in the bill, is defined. Taking a Look at the bill’s “Definitions” section we learn that it is left wide open to be defined however the President chooses to define it:

(3) FEDERAL GOVERNMENT AND UNITED STATES CRITICAL INFRASTRUCTURE INFORMATION SYSTEMS AND NETWORKS- The term ‘Federal Government and United States critical infrastructure information systems and networks’ includes -

(A) Federal Government information systems and networks; and

(B) State, local, and nongovernmental information systems and networks in the United States designated by the President as critical infrastructure information systems and networks.

Some obvious information systems that would be considered critical are banks, credit card companies, utilities, airlines, trains, hospitals, etc. But, as Center for Democracy and Technology general counsel Greg Nojeim says, it’s possible that less obvious systems, like email, might also be included. “I’d be very surprised if it doesn’t include communications systems, which are certainly critical infrastructure,” Nojeim told eWeek.

That said – and this is also something Nojeim mentions – the bill has several less controversial parts. For example, its companion measure, S. 778, would establish an executive Office of National Cybersecurity Advisor, or “cyberczar” and take the job of securing cyberspace away from the Department of Homeland Security and put it under the purview of the White House. This was the subject of a Senate Homeland Security Committee hearing that took place yesterday. It also contains scholarships for students to study cybersecurity issues, a cybersecurity awareness campaign, a mandate for the creation of cybersecurity metrics, and much more.

I think many tech savvy types would agree that cybersecurity is crucial, that the government needs to improve in this area, and that private sector systems must be involved and protected. But the proper solution would probably be focused more on finding specific critical lapses and developing solutions, and less on broad powers for the federal government to shut things down.

Like this post? Stay in touch by following us on Twitter, joining us on Facebook, or by Subscribing with RSS.
 

Comments

  • ursa65 04/29/2009 9:19am

    I agree that security is important but putting it in the hands of a politician is a bad move. It should be an independent body staffed by qualified people who can make a decision based soley on a threats merit.

  • Comm_reply
    Anonymous 04/29/2009 11:37am

    I agree, these politicians have way too many ulterior and self interested motives. We need to have a committee of tech savvy professionals that are independent of corporate and political influence.

  • Anonymous 04/30/2009 6:35am
    Link Reply
    + -1

    Another agency that Congeress can play with and fund their retiremnts with jobs. Obama gets to do more appointments. What if Obama doesn’t like someone like GM or CEO’s bonuses or banks loan criteria or the new Bio shield…………….

  • Nowabouthat 04/30/2009 6:41am

    12.2 is Hillary’s free school for public employees. They get the scholarship and then the job. Do you have to be a dem to work for the federal government?

  • Spam Comment

Due to the archiving of this blog, comment posting has been disabled.