Government Regulation of Cybersecurity: Partnership (or Power Grab) in the Making?

Mike Dailey

A cybersecurity bill introduced in the U.S. Senate on April 1st, 2009 would give the United States federal government extraordinary power over private sector Internet services, applications and software. This proposed legislation is a direct result of a review ordered by the Obama administration into government policies and processes for defending against Internet-borne attack.

The focus of the bill, according to a summary released by the sponsoring senators, is on establishing a new partnership between the public and private sectors in a joint effort to bolster Internet security.

This comprehensive legislation addresses our country's unacceptable vulnerability to massive cyber crime, global cyber espionage, and cyber attacks that could cripple our critical infrastructure.

We presently have systems to protect our nation's secrets and our government networks against cyber espionage, and it is imperative that those cyber defenses keep up with our enemies' cyber capabilities. However, another great vulnerability our country faces is the threat to our private sector critical infrastructure – banking, utilities, air/rail/auto traffic control, telecommunications – from disruptive cyber attacks that could literally shut down our way of life.

This proposed legislation will bring new high-level governmental attention to develop a fully integrated, thoroughly coordinated, public-private partnership to our cyber security efforts in the 21st century.

The bill, entitled Cybersecurity Act of 2009, calls for the creation of a Cybersecurity Advisory Panel composed of outside experts from industry, academia, and nonprofit groups that would advise the president on cybersecurity policy and direction. The bill would give the President the authority to shut down Internet traffic in emergencies or disconnect any critical infrastructure system or network in the interests of national security. The bill would also grant the Commerce Department the ability to override all privacy laws to gain access to any information about Internet usage.

(a) DESIGNATION.—The Department of Commerce shall serve as the clearinghouse of cybersecurity threat and vulnerability information to Federal government and private sector owned critical infrastructure information systems and networks.

(b) FUNCTIONS.—The Secretary of Commerce—(1) shall have access to all relevant data concerning such networks without regard to any provision of law, regulation, rule, or policy restricting such access;

The bill also provides federal authority to license and certify information technology professionals dealing with cybersecurity, and makes it a federal crime to perform any duty currently related to cybersecurity without the federal license.

SEC. 7. LICENSING AND CERTIFICATION OF CYBERSECURITY PROFESSIONALS.
(a) IN GENERAL.—Within 1 year after the date of enactment of this Act, the Secretary of Commerce shall develop or coordinate and integrate a national licensing, certification, and periodic recertification program for cybersecurity professionals.

(b) MANDATORY LICENSING.—Beginning 3 years after the date of enactment of this Act, it shall be unlawful for any individual to engage in business in the United States, or to be employed in the United States, as a provider of cybersecurity services to any Federal agency or an information system or network designated by the President, or the President's designee, as a critical infrastructure information system or network, who is not licensed and certified under the program.

Further, the bill establishes a timetable for a federal review and report of existing electronic privacy and security legislation.

(a) IN GENERAL.—Within 1 year after the date of enactment of this Act, the President, or the President's designee, through an appropriate entity, shall complete a comprehensive review of the Federal statutory and legal framework applicable to cyber-related activities in the United States, including—

(1) the Privacy Protection Act of 1980 (42 U.S.C. 2000aa);
(2) the Electronic Communications Privacy Act of 1986 (18 U.S.C. 2510 note);
(3) the Computer Security Act of 1987 (15 U.S.C. 271 et seq; 40 U.S.C. 759);
(4) the Federal Information Security Management Act of 2002 (44 U.S.C. 3531 et seq.);
(5) the E-Government Act of 2002 (44 U.S.C. 9501 et seq.);
(6) the Defense Production Act of 1950 (50 U.S.C. App. 2061 et seq.);
(7) any other Federal law bearing upon cyber related activities; and
(8) any applicable Executive Order or agency rule, regulation, guideline.

The bill, introduced by Sens. John Rockefeller and Olympia Snowe, would also give the federal government unprecedented and sweeping control over computer software, Internet services, and online privacy all in the interests of national security. Center for Democracy & Technology (CDT) President and CEO Leslie Harris said, "The cybersecurity threat is real, but such a drastic federal intervention in private communications technology and networks could harm both security and privacy."

While this new initiative holds promise, the question remains as to whether or not more government regulation and oversight will produce a more secure Internet. Some critics are concerned with the establishment of more government to handle cybersecurity initiatives, when the responsibility appears to fall under the role of the National Security Adviser. Others are concerned with the scope of powers granted to the federal government if the bill is signed into law as written. The presidential powers granted as part of the proposed legislation would be "a sweeping federal takeover of cybersecurity" responsibilities, said Ms. Harris.

By Mike Dailey, IT Architect and Sr. Network Engineer.


Comments

Anyone else concerned about this? Bruce Van Nice  –  Apr 08, 2009 10:22 AM PDT

Looks like the elephant's trunk is nosing around the entrance to the Internet tent.
Does anyone really think once the government gets involved their "help" will stop with improving security?  For that matter does anyone really believe they can help with security?  How many of you security professionals are anxious to have the government control your lives (salary caps anyone!)? 

Next year we'll get Internet taxes because it is only fair that since the government is securing the Internet that they find a way to pay for it.  Then there'll be all kinds of special interest "initiatives" that will get imposed. 

The Internet is going to look radically different in 5 years if the government gets more involved.  Why would anyone want this to happen?
