Security or Privacy Issue: Government Eyes Control of Networks

Tuesday, June 22, 2010 @ 04:06 PM gHale

Is the potential of the government taking over private networks considered solid protection or an invasion of privacy?
That question may soon get a good airing as members of the Senate Homeland Security and Governmental Affairs Committee introduced a cybersecurity bill that would give the president new emergency authority over private networks.
The bill would also make the Department of Homeland Security (DHS) responsible for protecting civilian networks, raising industry concerns about excess regulation.
“We cannot afford to wait for a ‘cyber 9/11’ before our government finally realizes the importance of protecting our digital resources, limiting our vulnerabilities and mitigating the consequences of penetrations of our networks,” Sen. Susan Collins (R-Maine) said in a floor statement introducing the bill with Sens. Joe Lieberman (I-Conn.) and Tom Carper (D-Del.).
The Protecting Cyberspace as a National Asset Act would move the operational center for civilian cybersecurity from the White House to DHS and establish a permanent Office of Cyberspace Policy within the White House with a Senate-confirmed presidential appointee in charge. That individual would have an advisory rather than operational role.
“Our economic security, our national security, our public safety are all at risk as a result from new kinds of enemies with new kinds of names like cyberwarriors, cyberspies, cyberterrorists and cybercriminals,” Lieberman said. “And that risk may be as serious to Homeland security as anything we face today.”
Lieberman said systems at agencies as diverse as NASA, the Commerce Department, and the Pentagon have suffered major intrusions by unknown foreign entities. He also said hackers have probed the systems controlling the electrical grid and stolen millions from businesses in monetary assets and intellectual property.
Phil Bond, president of the industry group TechAmerica, applauded the senators for tackling cybersecurity but said companies remain concerned over DHS’ expanded role in regulating private network security. The bill is one of several pieces of legislation drafted in recent months aimed at improving the government’s cybersecurity.
“If the bill passes in its current form, it will turn the Department of Homeland Security into a significant regulatory agency,” Bond said. “Regulations like these could seriously undermine the very innovation we need to stay ahead of the bad actors and prosper as a nation.”
Under the bill, DHS’s new National Center for Cybersecurity and Communications (NCCC) would be responsible for protecting against — and responding to — attacks on federal civilian networks as well as any private-sector assets deemed critical, a job that currently resides in the White House.
That authority would be limited to private networks whose suspension would result in deaths or massive property damage, according to a Senate aide. The aide said the president would not have a “kill-switch” for the Internet as previously reported.
The NCCC director would have operational authority over civilian networks, a civilian counterpart to the position occupied by Gen. Keith Alexander, head of the National Security Agency and commander of the new U.S. Cyber Command. The president would appoint the director, who would then undergo Senate confirmation and report directly to the secretary of Homeland Security.
The bill also would allow the president to declare a national cyber-emergency. After notifying Congress, he could order immediate measures be taken to safeguard any critical assets.
The lawmakers argued the emergency measures are part of a “reasonable framework,” as they would expire after 30 days. But the bill would allow the president or NCCC director to extend them simply by saying in writing that a threat still exists.

Leave a Reply

You must be logged in to post a comment.