By Jason Lee Miller
Two bills introduced giving the President the power to deem a private network part of the nation’s critical infrastructure and shut it down for cybersecurity reasons also gives the Commerce Secretary the power to access network data outside of oversight.
The Big Brother vibe coming off both is reminiscent of a demanding report submitted before Obama even took office. About a month after Election Day, the Center for Strategic and International Studies (CSIS) issued a report called Securing Cyberspace for the 44th President.
Heard of the military-industrial complex? The CSIS is likely where they meet to carpool.
The recommendations in the report, ignored by the previous administration, are sweeping and demanding. The principle minds behind it hailed from the CIA, the US Navy, Microsoft, Sun, AT&T, ICANN, Lockheed Martin, Cisco, and GE—among a slew of others—and likely those minds felt confident they’d get a more sympathetic ear from the new President. And they were likely right. They’d get that from Congress, too.
Senators Jay Rockefeller and Olympia Snowe introduced legislation last week echoing much of what the CSIS report was looking for, which is primarily a set of standards network operators are to live up to—more on that in a bit. One bill creates the office of cybersecurity czar, called a National Cybersecurity Adviser, who will oversee national network security. Confirmed by the Senate, the cybersecurity czar will have the highest security clearance necessary to monitor infrastructure networks and will be a party to secret initiatives.
Thanks to the Cybersecurity Act of 2009, the cybersecurity czar will be advised by a panel stakeholders from government, private, academic, and nonprofit sectors, much like the signatories to CSIS’s report. Also under the longer bill, the President can order the disconnection of any federal or private critical infrastructure network during emergencies or for reasons of national security. “Critical infrastructure” could include the networks attached to financial, power, transportation, medical, communication or any other network deemed critical that could be the target of a cyber attack.
In short, the President could shut down much of the Internet if he thought necessary. The Secretary of Commerce would also be given “access to all relevant data concerning [critical] networks without regard to any provision of law, regulation, rule, or policy restricting such access” in the event of a cybersecurity emergency.
The National Institute of Standards and Technology would be charged with developing standards and tests for information networks and software used by federal agencies, contractors, or other private networks deemed part of the critical infrastructure.
Typically, when legislation affecting, limiting, or dictating major corporations hits Congress, those corporations make big stinks. Watch AT&T and Verizon go mad with anti-regulation fervor whenever Net Neutrality is brought up. All sectors are suspiciously quiet on this front, though. It could be because there’s big money in standardization, especially if your company gets to create the standards, and there’s big money in government contracts, too. Essentially, sometimes a report is a bid for a job.
While no one would object to the federal government improving its ability to fight off cyber attacks or to updating cybersecurity policies to reflect 21st Century approaches, it seems wise to be wary of handing over so much power to a few people and wary of giving up so much of our digital sovereignty.