The Conservative Nation

Bill would give president emergency control of Internet

In yet ANOTHER grab for power, the socialist Democrats in the senate have written a bill that would give President Obama the power to disconnect non-government users from the Internet. Sen. Jay Rockefeller, (D-WV) and his aides have spent months secretly writing the bill that would allow to the president to “declare a cyber security emergency” relating to “non-governmental” computer networks and do what’s necessary to respond to the threat. Other sections of the proposal include a federal certification program for “cyber security professionals,” and a requirement that certain computer systems and networks in the private sector be managed by people who have been awarded that license. To say that Internet companies and civil liberties groups are alarmed when a U.S. Senate bill proposes handing the White House the power to disconnect private-sector computers from the Internet is an understatement.
The privacy implications of sweeping changes implemented before the legal review is finished worry Lee Tien, a senior staff attorney with the Electronic Frontier Foundation in San Francisco. “As soon as you’re saying that the federal government is going to be exercising this kind of power over private networks, it’s going to be a really big issue,” he says.
Probably the most controversial language begins in Section 201, which permits the president to “direct the national response to the cyber threat” if necessary for “the national defense and security.” The White House is supposed to engage in “periodic mapping” of private networks deemed to be critical, and those companies “shall share” requested information with the federal government. (“Cyber” is defined as anything having to do with the Internet, telecommunications, computers, or computer networks.) The language has changed (from the original version), but it doesn’t contain any real additional limits. It simply switches the more direct and obvious language they had originally to the more ambiguous (version)…The designation of what is a critical infrastructure system or network as far as I can tell has no specific process. There’s no provision for any administrative process or review. That’s where the problems seem to start. And then you have the amorphous powers that go along with it.
Translation: If your company is deemed “critical,” a new set of regulations kick in involving who you can hire, what information you must disclose, and when the government would exercise control over your computers or network.
The Internet Security Alliance is supportive of increased federal involvement to enhance cyber security, but believes that the wrong approach, as embodied in this bill as introduced, will be counterproductive both from an national economic and national security perspective. An excerpt of the bill is below:
25
S. 773 Amdt.
(B) the public on the website of the Office within 90 days after receipt of the information under subsection (b)(1).
(c) REGULATIONS.—Not later than 180 days after the date of enactment of this Act, the Director of the Office of Personnel Management shall prescribe regulations establishing the methodology, timing, and reporting of the data described in subsection (a).

TITLE II—PLANS AND AUTHORITY
SEC. 201. CYBERSECURITY RESPONSIBILITIES AND AUTHORITY.
The President— within 180 days after the date of enactment
of this Act, shall develop and implement a comprehensive national cybersecurity strategy, which shall include—
(A) a long-term vision of the Nation’s cybersecurity future; and
(B) a plan that encompasses all aspects of national security, including the participation of the private sector, including critical infrastructure operators and managers;
(2) in the event of an immediate threat to strategic national interests involving compromised Federal Government or United States critical infrastructure information system or network—
(A) may declare a cybersecurity emergency; and
(B) may, if the President finds it necessary for the national defense and security, and in coordination with relevant industry sectors, direct the national response to the cyber threat and the timely restoration of the affected critical infrastructure information system or network;
(3) shall, in coordination with various critical infrastructure industry sectors, develop detailed cyber emergency response and restoration plans for each critical infrastructure industry sector;
(4) shall, through the appropriate department or agency, review critical functions that would be needed after a cyber security attack and develop a strategy for the acquisition, storage, and periodic replacement of equipment to support those functions;
(5) shall direct the periodic mapping of Federal Government and United States critical infrastructure information systems or networks, and shall develop metrics to measure the effectiveness of the mapping process;
(6) shall, through the Office of Science and Technology Policy, direct an annual review of all Federal cyber technology research and development
investments;
(7) may delegate original classification authority to the appropriate Federal official for the purposes of improving the Nation’s cybersecurity posture;
(8) shall, through the appropriate department or agency, promulgate rules for Federal professional responsibilities regarding cybersecurity, and shall provide to the Congress an annual report on Federal agency compliance with those rules;
(9) shall withhold additional compensation, direct corrective action for Federal personnel, or terminate a Federal contract in violation of Federal rules, and shall report any such action to the Congress in an unclassified format within 48 hours after taking any such action; and
(10) shall notify the Congress within 48 hours after providing a cyber-related certification of legality to a United States person.
(a) IN GENERAL.—Beginning with 2013 and in every
second year thereafter, the President, or the President’s

Subscribe to blog feed.

Leave a Reply