Lieberman wants to give federal government power over Internet cybersecurity

Tools

A proposed Senate bill would give the President power to force private-sector operators of information technology and communications "critical infrastructure" to implement government-designed cybersecurity measures during an emergency.

The "Protecting Cyberspace as a National Asset Act of 2010," introduced June 10 by Senators Joe Lieberman (I-Conn.), Susan Collins (R-Maine) and Thomas Carper (D-Del.) would allow the President to order the private sector to "immediately comply with any emergency measure or action developed" by the Homeland Security Department.

The bill would charge DHS with creating a list of critical infrastructure that includes any private-sector system or asset that is part of the U.S. information infrastructure and relies on that infrastructure in order to operate. Some critical infrastructure companies would be required to continuously implement security measures approved by the director of new DHS office called the National Center for Cybersecurity and Communications. The NCCC director would be responsible for leading federal civilian agency cybersecurity and also  for providing "dynamic, comprehensive and continuous situational awareness" over civilian, defense, intelligence community and private sector security status.

A summary of the bill prepared by the Senate Homeland Security and Governmental Affairs Committee--on which Lieberman is chairman, Collins is the senior Republican and Carper is chair of a subcommittee--says that "the bill does not authorize any new surveillance authorities, or permit the government to 'take over' private networks."

The bill would also create within the White House an Office Of Cyberspace Policy with a director charged with drafting strategy and reviewing agency cybersecurity budgets. In addition, it would require agencies to implement automated and continuous monitoring of their cybersecurity controls.  

The bill has provoked cautious and critical responses so far.

"We are continuing to evaluate the emergency powers in the bill to make sure they provide for coordination with industry at every step and to mitigate the potential for absolute power," said TechAmerica president Phil Bond in a statement. Bond also criticized other aspects of the bill, stating that the bill would turn DHS into a "significant regulatory agency" and undermine innovation.

Center for Democracy & Technology President Leslie Harris worried the bill "does not specify whether the broad emergency powers it would grant include authority to shut down or limit Internet traffic on private systems," while noting in a statement that bill authors have "signaled their intent to give the President no Internet 'kill switch' authority."

Bob Dix, a former House staff director involved with cybersecurity and now vice president of government affairs and critical infrastructure protection at Juniper Networks told Nextgov that "the notion that the government has a better idea than the owners and operators about how to manage risk is not even reasonable.

The Senate Homeland Security committee plans to hold a hearing on the bill June 15.

For more:
- see the THOMAS page for S. 3480, the Protecting Cyberspace as a National Asset Act of 2010.
- read the text of the legislation (.pdf), or read a one page summary (.doc), or a section-by-section summary (.doc)
- go to the Senate Homeland Security and Governmental Affairs Committee webpage on the bill, which includes video of Lieberman, Collins and Carper introducing the bill.  

Related Articles:
SASC orders DoD cybersecurity changes in authorization bill
SASC wants $30M for private sector cybersecurity pilots
House approves FISMA reform