
Government Regulation of Cybersecurity: Partnership (or Power Grab) in the Making?

Mike Dailey

A cybersecurity bill introduced in the U.S. Senate on April 1st, 2009 would give the United States federal government extraordinary power over private sector Internet services, applications and software. This proposed legislation is a direct result of a review ordered by the Obama administration into government policies and processes for defending against Internet-borne attack.

The focus of the bill, according to a summary released by the sponsoring senators, is on establishing a new partnership between the public and private sectors in a joint effort to bolster Internet security.

This comprehensive legislation addresses our country's unacceptable vulnerability to massive cyber crime, global cyber espionage, and cyber attacks that could cripple our critical infrastructure.

We presently have systems to protect our nation's secrets and our government networks against cyber espionage, and it is imperative that those cyber defenses keep up with our enemies' cyber capabilities. However, another great vulnerability our country faces is the threat to our private sector critical infrastructure – banking, utilities, air/rail/auto traffic control, telecommunications – from disruptive cyber attacks that could literally shut down our way of life.

This proposed legislation will bring new high-level governmental attention to develop a fully integrated, thoroughly coordinated, public-private partnership to our cyber security efforts in the 21st century.

The bill, entitled Cybersecurity Act of 2009, calls for the creation of a Cybersecurity Advisory Panel composed of outside experts from industry, academia, and nonprofit groups that would advise the president on cybersecurity policy and direction. The bill would give the President the authority to shut down Internet traffic in emergencies or disconnect any critical infrastructure system or network in the interests of national security. The bill would also grant the Commerce Department the ability to override all privacy laws to gain access to any information about Internet usage.

(a) DESIGNATION.—The Department of Commerce shall serve as the clearinghouse of cybersecurity threat and vulnerability information to Federal government and private sector owned critical infrastructure information systems and networks.

(b) FUNCTIONS.—The Secretary of Commerce—(1) shall have access to all relevant data concerning such networks without regard to any provision of law, regulation, rule, or policy restricting such access;

The bill also provides federal authority to license and certify information technology professionals dealing with cybersecurity, and makes it a federal crime to perform any duty currently related to cybersecurity without the federal license.

(a) IN GENERAL.—Within 1 year after the date of enactment of this Act, the Secretary of Commerce shall develop or coordinate and integrate a national licensing, certification, and periodic recertification program for cybersecurity professionals

(b) MANDATORY LICENSING.—Beginning 3 years after the date of enactment of this Act, it shall be unlawful for any individual to engage in business in the United States, or to be employed in the United States, as a provider of cybersecurity services to any Federal agency or an information system or network designated by the President, or the President's designee, as a critical infrastructure information system or network, who is not licensed and certified under the program.

Further, the bill establishes a timetable for a federal review and report of existing electronic privacy and security legislation.

(a) IN GENERAL.—Within 1 year after the date of enactment of this Act, the President, or the President's designee, through an appropriate entity, shall complete a comprehensive review of the Federal statutory and legal framework applicable to cyber-related activities in the United States, including—

(1) the Privacy Protection Act of 1980 (42 U.S.C. 2000aa);
(2) the Electronic Communications Privacy Act of 1986 (18 U.S.C. 2510 note);
(3) the Computer Security Act of 1987 (15 U.S.C. 271 et seq; 40 U.S.C. 759);
(4) the Federal Information Security Management Act of 2002 (44 U.S.C. 3531 et seq.);
(5) the E-Government Act of 2002 (44 U.S.C. 9501 et seq.);
(6) the Defense Production Act of 1950 (50 U.S.C. App. 2061 et seq.);
(7) any other Federal law bearing upon cyber related activities; and
(8) any applicable Executive Order or agency rule, regulation, guideline.

The bill, introduced by Sens. John Rockefeller and Olympia Snowe, would also give the federal government unprecedented and sweeping control over computer software, Internet services, and online privacy all in the interests of national security. Center for Democracy & Technology (CDT) President and CEO Leslie Harris said, "The cybersecurity threat is real, but such a drastic federal intervention in private communications technology and networks could harm both security and privacy."

While this new initiative holds promise, the question remains as to whether or not more government regulation and oversight will produce a more secure Internet. Some critics are concerned with the establishment of more government to handle cybersecurity initiatives, when the responsibility appears to fall under the role of the National Security Adviser. Others are concerned with the scope of powers granted to the federal government if the bill is signed into law as written. The presidential powers granted as part of the proposed legislation would be "a sweeping federal takeover of cybersecurity" responsibilities, said Ms. Harris.

By Mike Dailey, IT Architect and Sr. Network Engineer.



Anyone else concerned about this? Bruce Van Nice  –  Apr 08, 2009 10:22 AM PDT

Looks like the elephant's trunk is nosing around the entrance to the Internet tent.
Does anyone really think once the government gets involved their "help" will stop with improving security?  For that matter does anyone really believe they can help with security?  How many of you security professionals are anxious to have the government control your lives (salary caps anyone!)? 

Next year we'll get Internet taxes because it is only fair that since the government is securing the Internet that they find a way to pay for it.  Then there'll be all kinds of special interest "initiatives" that will get imposed. 

The Internet is going to look radically different in 5 years if the government gets more involved.  Why would anyone want this to happen?
