Cybersecurity bill better but not perfect
- Published September 2, 2009
- News, Politics, Technology
- Leave a Comment
Back in April, Senators Jay Rockefeller and Olympia Snowe introduced two bills, 773 and 778, which would’ve essentially given the President the unilateral ability to shut down any services on the Internet — even those from the private sector — in the case of a “cybersecurity emergency”. But the bills didn’t stop there. They would’ve also given the Commerce Department “access to all relevant data concerning [critical] networks without regard to any provision of law, regulation, rule, or policy restricting such access.”
As Wired points out, S-773 has been revised significantly since then, removing much of the controversial language and replacing it with more sensible (albeit general) guidelines for dealing with with cyber attacks on the U.S.:
(2) [I]n the event of an immediate threat to strategic national interests involving compromised Federal Government or United States critical infrastructure information system or network—
(A) [the President] may declare a cybersecurity emergency; and
(B) may, if the President finds it necessary for the national defense and security, and in coordination with relevant industry sectors, direct the national response to the cyber threat and the timely restoration of the affected critical infrastructure information system or network;
(3) shall, in coordination with various critical infrastructure industry sectors, develop detailed cyber emergency response and restoration plans for each critical infrastructure industry sector;
(Full text of the bill here.)
Further, the revised bill seems to negate S-778, which called for the creation of an Office of the National Cybersecurity Advisor. Instead, S-773 calls for a Cybersecurity Advisory Panel, which would be comprised of “representatives of industry, academic, non-profit organizations, interest groups and advocacy organizations, and State and local governments who are qualified to provide advice and information on cybersecurity research, development, demonstrations, education, personnel, technology transfer, commercial application, or societal and civil liberty concerns”.
All in all, it’s a vast improvement over the original bill. It gives the President the ability to quickly respond to critical threats to the nation’s information infrastructure, and in emergencies such as those of 9/11 and Hurricane Katrina, such a response is absolutely vital. And when you consider how vulnerable we are to a targeted cyber attack, it’s obvious we must be prepared to deal with those crises.
That said, the bill is certainly not ideal. First, it still gives the White House authority over private-sector networks and information systems in the event of an emergency without specifically limiting that authority. In other words, the definition of what constitutes a “cybersecurity emergency” is still at the sole discretion of the White House, opening the door to potential abuse. And as I pointed out in April, President Obama has proven time and again that he is more than willing to seize control of private corporations if given the chance.
Second, the inclusion of “interest groups” on the Advisory Panel should raise an immediate red flag. Think ACORN, the ACLU, RIAA lobbyists, and other groups. How much influence groups like that would have is unclear, but do we really want to find out?
The revision of S-773 has definitely eased some concerns, but there is still more room for improvement.
Previously:
Bill would give government unrestricted control over the Internet


A new poorly-worded
In recognition of the 50th anniversary of the creation of ARPA (the Advanced Research Projects Agency), the Department of Defense agency that would give birth to what is now the Internet, Vanity Fair has attempted to compile an 












