
Government Regulation of Cybersecurity: Partnership (or Power Grab) in the Making?

Mike Dailey

A cybersecurity bill introduced in the U.S. Senate on April 1st, 2009 would give the United States federal government extraordinary power over private sector Internet services, applications and software. This proposed legislation is a direct result of a review ordered by the Obama administration into government policies and processes for defending against Internet-borne attack.

The focus of the bill, according to a summary released by the sponsoring senators, is on establishing a new partnership between the public and private sectors in a joint effort to bolster Internet security.

This comprehensive legislation addresses our country's unacceptable vulnerability to massive cyber crime, global cyber espionage, and cyber attacks that could cripple our critical infrastructure.

We presently have systems to protect our nation's secrets and our government networks against cyber espionage, and it is imperative that those cyber defenses keep up with our enemies' cyber capabilities. However, another great vulnerability our country faces is the threat to our private sector critical infrastructure-banking, utilities, air/rail/auto traffic control, telecommunications-from disruptive cyber attacks that could literally shut down our way of life.

This proposed legislation will bring new high-level governmental attention to develop a fully integrated, thoroughly coordinated, public-private partnership to our cyber security efforts in the 21st century.

The bill, entitled Cybersecurity Act of 2009, calls for the creation of a Cybersecurity Advisory Panel composed of outside experts from industry, academia, and nonprofit groups that would advise the president on cybersecurity policy and direction. The bill would give the President the authority to shut down Internet traffic in emergencies or disconnect any critical infrastructure system or network in the interests of national security. The bill would also grant the Commerce Department the ability to override all privacy laws to gain access to any information about Internet usage.

(a) DESIGNATION.—The Department of Commerce shall serve as the clearinghouse of cybersecurity threat and vulnerability information to Federal government and private sector owned critical infrastructure information systems and networks.

(b) FUNCTIONS.—The Secretary of Commerce-(1) shall have access to all relevant data concerning such networks without regard to any provision of law, regulation, rule, or policy restricting such access;

The bill also provides federal authority to license and certify information technology professionals dealing with cybersecurity, and makes it a federal crime to perform any duty currently related to cybersecurity without the federal license.

(a) IN GENERAL.—Within 1 year after the date of enactment of this Act, the Secretary of Commerce shall develop or coordinate and integrate a national licensing, certification, and periodic recertification program for cybersecurity professionals

(b) MANDATORY LICENSING.—Beginning 3 years after the date of enactment of this Act, it shall be unlawful for any individual to engage in business in the United States, or to be employed in the United States, as a provider of cybersecurity services to any Federal agency or an information system or network designated by the President, or the President's designee, as a critical infrastructure information system or network, who is not licensed and certified under the program.

Further, the bill establishes a timetable for a federal review and report of existing electronic privacy and security legislation.

(a) IN GENERAL.—Within 1 year after the date of enactment of this Act, the President, or the President's designee, through an appropriate entity, shall complete a comprehensive review of the Federal statutory and legal framework applicable to cyber-related activities in the United States, including—

(1) the Privacy Protection Act of 1980 (42 U.S.C. 2000aa);
(2) the Electronic Communications Privacy Act of 1986 (18 U.S.C. 2510 note);
(3) the Computer Security Act of 1987 (15 U.S.C. 271 et seq; 40 U.S.C. 759);
(4) the Federal Information Security Management Act of 2002 (44 U.S.C. 3531 et seq.);
(5) the E-Government Act of 2002 (44 U.S.C. 9501 et seq.);
(6) the Defense Production Act of 1950 (50 U.S.C. App. 2061 et seq.);
(7) any other Federal law bearing upon cyber related activities; and
(8) any applicable Executive Order or agency rule, regulation, guideline.

The bill, introduced by Sens. John Rockefeller and Olympia Snowe, would also give the federal government unprecedented and sweeping control over computer software, Internet services, and online privacy all in the interests of national security. Center for Democracy & Technology (CDT) President and CEO Leslie Harris said, "The cybersecurity threat is real, but such a drastic federal intervention in private communications technology and networks could harm both security and privacy."

While this new initiative holds promise, the question remains as to whether or not more government regulation and oversight will produce a more secure Internet. Some critics are concerned with the establishment of more government to handle cybersecurity initiatives, when the responsibility appears to fall under the role of the National Security Adviser. Others are concerned with the scope of powers granted to the federal government if the bill is signed into law as written. The presidential powers granted as part of the proposed legislation would be "a sweeping federal takeover of cybersecurity" responsibilities, said Ms. Harris.

By Mike Dailey, IT Architect and Sr. Network Engineer.

Related topics: Cyberattack, Cybercrime, Internet Governance, Law, Security



Anyone else concerned about this? Bruce Van Nice  –  Apr 08, 2009 10:22 AM PDT

Looks like the elephant's trunk is nosing around the entrance to the Internet tent.
Does anyone really think once the government gets involved their "help" will stop with improving security?  For that matter does anyone really believe they can help with security?  How many of you security professionals are anxious to have the government control your lives (salary caps anyone!)? 

Next year we'll get Internet taxes because it is only fair that since the government is securing the Internet that they find a way to pay for it.  Then there'll be all kinds of special interest "initiatives" that will get imposed. 

The Internet is going to look radically different in 5 years if the government gets more involved.  Why would anyone want this to happen?

