President's veto power over Internet removed in amended bill
When the Cybersecurity Act of 2009 was originally proposed, this sweeping overhaul of the nation's cybersecurity apparatus contained a provision that would give the president the power to shut down the Internet in the event of a major cyberattack. Needless to say, the idea of giving an Internet kill switch to Obama was wildly unpopular with everyone from civil libertarians to the Fox News crowd, and the bill didn't make it very far.
The bill's sponsors, Sens. Jay Rockefeller (D-WV) and Olympia Snowe (R-ME), amended the bill [PDF] last week and dropped the controversial kill switch provision. In the modified version of the bill, which is now the Cybersecurity Act of 2010, S. 773, the president will work with government agencies and the private sector to define a set of objective criteria for what constitutes a national cybersecurity emergency. The president will also work with those same parties to develop a coordinated plan of action that will kick in when such an emergency is formally declared.
The combination of agreed-upon objective criteria and a preexisting plan that's collaboratively developed with the owners of critical network infrastructure is by itself a significant improvement over the former version's unilateral presidential shutdown power, but the amendment goes even further by explicitly declaring that, "This section does not authorize, and shall not be construed to authorize, an expansion of existing Presidential authorities."
Despite the modifications, the new bill is still substantially the same as the old one in many respects. The act still aims to organize the mess of federal cybersecurity efforts, and to increase collaboration between the public and private sectors. The latter goal is especially important, because most of the the critical infrastructure that the bill is designed to protect is privately owned. So the government will have to collaborate with network operators, utility companies, federal contractors, the financial sector, and other sectors to achieve any worthwhile cybersecurity goals.
Other parts of the bill provide for the development of cybersecurity expertise by funding scholarships and academic programs, and one section aims to "establish cybersecurity competitions and challenges with cash prizes, and promulgate rules for participation in such competitions and challenges."
The Senate Commerce, Science and Transportation Committee will review the bill this coming Wednesday in a markup session, after which point it will have to be reconciled with the Cybersecurity Enhancement Act of 2009 (HR 4061), which the House passed last month. If the Senate bill makes progress, it's possible that major cybersecurity legislation will end up on the president's desk before the end of the year.
0 comments