by Greg Fulton
17 April 2009
Raw Story
from
VoltaireNet Website
A recently proposed but little-noticed Senate
bill would allow the federal government to shut down the Internet in times
of declared emergency, and enables unprecedented federal oversight of
private network administration.
The bill’s draft states that,
“the president may order a cybersecurity
emergency and order the limitation or shutdown of Internet traffic” and
would give the government ongoing access to “all relevant data
concerning (critical infrastructure) networks without regard to any
provision of law, regulation, rule, or policy restricting such access.”
Authored by Democratic Sen. Jay Rockefeller
of West Virginia and Republican Olympia Snowe of Maine, the
Cybersecurity Act of 2009 seeks to create a
Cybersecurity Czar to centralize power now held by the Pentagon, National
Security Agency, Department of Commerce and the Department of Homeland
Security.
While the White House has not officially
endorsed the draft, it did have a hand in its language, according to The
Washington Post.
Proponents of the measure stress the need to centralize cybersecurity of the
private sector.
“People say this is a military or
intelligence concern,” says Rockefeller, “but it is a lot more than
that. It suddenly gets into the realm of traffic lights and rail
networks and water and electricity.”
Snowe added,
“America’s vulnerability to massive
cyber-crime, global cyber-espionage and cyber-attacks has emerged as one
of the most urgent national security problems facing our country today.
Importantly, this legislation loosely parallels the recommendations in
the CSIS [Center for Strategic and International Studies]
blue-ribbon
panel report to President Obama and has been embraced by a number of
industry and government thought leaders.”
Critics decry the broad language, and are
watchful for amendments to the bill seeking to refine the provisions.
According to
opencongress.com, no amendments to the draft have been
submitted.
Organizations like the
Center for Democracy and Technology
fear if passed in its current form, the proposal leaves too much discretion
of just what defines critical infrastructure.
The bill would also impose mandates for
designated private networks and systems, including standardized security
software, testing, licensing and certification of cyber-security
professionals.
“I’d be very surprised if it doesn’t include
communications systems, which are certainly critical infrastructure,”
CDT General Counsel Greg Nojeim told Eweek. “The president would decide
not only what is critical infrastructure but also what is an emergency.”
Adds Jennifer Granick, civil liberties
director of the Electronic Frontier Foundation,
“Essentially, the Act would federalize
critical infrastructure security. Since many systems (banks,
telecommunications, energy) are in the hands of the private sector, the
bill would create a major shift of power away from users and companies
to the federal government.”