Cybersecurity Legislation Gains Traction

WASHINGTON, June 22, 2010 – House Intelligence Subcommittee Chairwoman Jane Harman, D-Calif., announced the consideration of new cybersecurity legislation introduced in the Senate last Wednesday. The bill, S. 3480, sponsored by Sens. Joseph Lieberman, I-Conn., Tom Carper, D-Del., and Susan Collins,

WASHINGTON, June 22, 2010 – House Intelligence Subcommittee Chairwoman Jane Harman, D-Calif., announced the consideration of new cybersecurity legislation introduced in the Senate last Wednesday.

The bill, S. 3480, sponsored by Sens. Joseph Lieberman, I-Conn., Tom Carper, D-Del., and Susan Collins, R-Maine, is the “Protecting Cyberspace as a National Asset Act.”

“I know that cyberspace is viewed by bad actors as the soft underbelly of our nation. In fact most – if not all – of our critical infrastructure is dependent upon the security and resiliency of America’s information infrastructure,” said Carper.

Collins added, “We cannot dither on what has become a significant national security issue. Every day, America’s cyberspace is under increasing assault. We must act now to develop a proactive strategy for protection and response, ahead of a damaging attack to our federal civilian systems or our most critical infrastructure systems.”

The proposed bill would have several effects on internet-related security policy. According to Carper’s office, the bill would:

o   Create a White House Office of Cyberspace Policy to lead all federal cybersecurity efforts. The office would be led by a Senate-confirmed director accountable to Congress and the public.

o   Create a National Center for Cybersecurity and Communications within the Department of Homeland Security to defend the dot-gov networks and oversee the defenses of our most critical infrastructure.

o   Set up a collaborative process between the government and the private sector to meet a baseline set of security requirements that DHS would enforce for the nation’s most critical infrastructure.

o   Require the federal government to develop and implement a strategy to ensure that almost $80 billion of the information technology products and services it purchases each year are secure and don’t provide adversaries with a backdoor into our networks.

o   Provide the president with clear authority to direct short-term emergency measures for a select group of critical infrastructure owners and operators in order to preserve their networks and protect the American people in the event of a catastrophic cyber attack that could seriously jeopardize public safety or have disastrous effects on our economy or national security.

o   Reform the way federal cybersecurity personnel are recruited, hired and trained to ensure that the government has the talent.

The Office of Cyberspace Policy would have expansive powers under this bill. Among these are the ability to “develop…a national strategy to increase the security and resiliency of cyberspace, that includes goals and objectives relating to computer network operations…information assurance, protection of critical infrastructure and key resources, research and development priorities, law enforcement, diplomacy, homeland security and military and intelligence activities.” The Director of the Office would also receive classified intelligence information pursuant to certain restrictions under the Homeland Security Act of 2002.

Section 247 details precise guidelines for how the government may choose to aid the private sector in developing programs related to private security. The government is tasked with “regularly assess[ing] and evaluat[ing] cybersecurity standards and guidelines issued by private sector organizations, recognized international and domestic standards setting organizations, and federal agencies.”

The measure could see some friction.

A controversial element of the bill is the so-called “kill switch” language: “The owner or operator of covered critical infrastructure shall immediately comply with any emergency measure or action developed by the director under this section during the pendency of any [emergency] declaration by the president.”

The term “critical infrastructure” is defined in the bill as referring to section 1016(e) of the Patriot Act, which defines “critical infrastructure” as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”

Opponents of the bill such as Justin Raimondo of Antiwar.com allege that the kill-switch language could include regular internet services like search engines, and that this expansiveness could allow the president to shut down the internet in a time of crisis.

A similar bill is sponsored in the House by Harman and Intelligence Subcommittee ranking member Peter King, R-N.Y.