Senator Moves To Form Federal "Cyber-Emergency" Agency
Though most of us would admit we get a bit jumpy when our internet connection goes on the fritz, it's unlikely that many could call it an emergency. The potential for a massive cyber-emergency is on the mind of at least one Senator, however, who wants to give the President the power to "protect" us against an internet crisis.
The Protecting Cyberspace as a National Asset Act, sponsored by Senator Joseph Lieberman (I-CT), proposes to create a new White House "Office of Cyberspace Policy", as well as a National Center for Cybersecurity and Communications under the auspices of the Department of Homeland Security. The two bodies would have sweeping powers to "protect" the internet from whatever dangers they might dream up.
In addition to coordinating national cybersecurity among the various federal agencies and cabinet departments, the NCCC would have authority over private-sector providers deemed vital to cybersecurity. These companies would be required to comply with "security measures" set out by the Director of the NCCC, and would be subject to federal penalties for noncompliance.
Even other federal bodies would be within the NCCC's reach. Every federal agency be required to submit any portion of its budget related to cybersecurity for review and comment by the Director, who would have the authority to make formal objections to "inadequate" requests.
Additionally, the Director would have the authority to determine whether any federal agency is "not in compliance with applicable policies, principles, standards, and guidelines applicable to the Federal information infrastructure." Noncompliant agencies would be ordered to acquiesce, on pain of having relevant portions of their infrastructure "isolated."
Additionally, the Director would be granted access to "law enforcement information, intelligence information, terrorism information, and any other information" relevant to cybersecurity. The sole limitation on this authority protects the private sector from being forced to engage in surveillance not explicitly authorized by law.
The President would gain the power to unilaterally declare a national cyber-emergency and order operators of "critical infrastructure" to immediately implement "response plans" as provided for by the act. Those who fail to do so would be subject to fines, while those who comply would be protected from civil liability for any damages they might cause in doing so — government speak for "you can break people's stuff and they're just out of luck."
The Lieberman bill is not the first time such a measure has been proposed, and will likely not be the last, as we predict it has little chance for seeing the light of day. Though the bill has been referred to the Senate Committee on Homeland Security and Governmental Affairs — which Lieberman chairs — it will no doubt find itself before at least one more, where it will face scrutiny sans the benefit of nepotism.
Likewise, an appearance before the full Senate, the House and its committees, and of course, the President himself, stand in its way. Idealistic notions aside, members of Congress keep their seats by keeping their backers happy, and the companies targeted by the bill certainly won't be if it lingers for long. It may pass out of Lieberman's committee, but it won't go far from there.
Those with morbid curiosity, or insomnia, can get the full text of the bill — all 197 pages — from the Senate's website.
Justin Ryan is a Contributing Editor for Linux Journal.