The name of the legislation – “Protecting Cyberspace as a National Asset Act of 2010” – sounds scary and the Connecticut Senator who introduced it is known more for his conservatism on national security issues than his Internet savvy.
But despite rumors to the contrary, the bill does not create an “Internet kill switch.” That power already is available to the government and has been since the passage of the 1934 Telecommunications Act.
Leslie Philips, who serves as U.S. Sen. Joseph Lieberman’s communications director for the Senate Committee on Homeland Security and Government Affairs, said a recent article published by CNET contained “crazy” notions, and has generated a lot of inaccurate hype.
She said the bill, which will be marked up today by the committee, creates a public/private partnership between the Department of Homeland Security and the owners of critical telecommunication and information technology systems. The legislation applies only to critical infrastructure networks—such as the power grid and transportation systems—and does not cover specific websites, software companies, or search engines, she said.
About 85 percent of the nation’s critical infrastructure is owned by the private sector, and in the event of a cyber attack the government needs to be able to protect specific sectors.
Lieberman’s bill would give the president and Homeland Security the “surgical authority to apply a patch,” Philips said.
She emphasized that Homeland Security’s National Center for Cybersecurity and Communications would work with key industries to solve problems should a cyber attack impact the public health and safety of the American people.
According to the bill, “The owners and operators of covered critical infrastructure shall have flexibility to implement any security measure, or combination thereof, to satisfy the security performance requirements described in subparagraph (A) and the Director may not disapprove under this section any proposed security measures, or combination thereof, based on the presence or absence of any particular security measure if the proposed security measures, or combination thereof, satisfy the security performance requirements established by the Director under this section.”
And once a cyber emergency is declared, the legislation limits its duration to 30 days with the option for a 30-day extension.
But trade associations like TechAmerica are concerned the legislation may have unintended consequences.
“Good intentions aside, America’s technology companies are concerned about the unintended consequences that would result from the legislation’s regulatory approach,” TechAmerica President and CEO Phil Bond said earlier this month when the bill was introduced.
While industry recognizes that the Senators intended to focus narrowly on the most critical infrastructure, the fundamental interconnected nature of the systems and networks makes that virtually impossible, Bond added.
“If the bill passes in its current form, it will turn the Department of Homeland Security (DHS) into a significant regulatory agency. Regulations like these could seriously undermine the very innovation we need to stay ahead of the bad actors and prosper as a nation,” Bond said.
Philips said Lieberman and the committee have been discussing threats from cyberspace for a long time and consider this bill to be a balanced approach.
“Our economic security, national security and public safety are now all at risk from new kinds of enemies—cyber-warriors, cyber-spies, cyber-terrorists and cyber-criminals,” Lieberman said when he unveiled the bill. “The need for this legislation is obvious and urgent.”
However, critics of the bill say it will create an Internet kill switch.
There’s an online petition with 371 signatures and several Facebook pages which have popped up in opposition to the bill, but none of them have more than 26 members.