Sen. Rockefeller(D-W. Virginia) and Sen. Snowe(R-Maine) introduced a bill on April 1 called "The Cybersecurity Act of 2009". Rockefeller is concerned that "critical infrastructure" could be harmed in Internet attacks. I agree with Jim Harper over at the Cato Institute, that this is a reason to keep key infrastructure off the Internet--something most financial institutions, water and sewer services, and electrical grid operators already do. But in the Washington Post, Rockefeller says:
"People say this is a military or intelligence concern, but it's a lot more than that, it suddenly gets into the realm of traffic lights and rail networks and water and electricity."Instead of arguing that key physical infrastructure should pursue the cautious and prudent course by not relying on the Internet, Rockefeller thinks that federalizing internet security will do the trick. Or, as Jim Harper phrases it:
But in the debate over raising the bridge or lowering the river, Rockefeller is choosing the policy that most enthuses and involves him: Get critical infrastructure onto the Internet and get the government into the cyber security business.Roy Mark over at eweek lays out the full details of the 51-page bill:
That’s a recipe for disaster. The right answer is to warn the operators of key infrastructure to keep critical functions off the Internet and let markets and tort law hold them responsible should they fail to maintain themselves operational.
According to the bill's language, the president would have broad authority to designate various private networks as a "critical infrastructure system or network" and, with no other review, "may declare a cyber-security emergency and order the limitation or shutdown of Internet traffic to and from" the designated the private-sector system or network.He goes on to say:
The bill would also impose mandates for designated private networks and systems, including standardized security software, testing, licensing and certification of cyber-security professionals.It seems that the government isn't content with just running banks and auto companies, now it wants to standardize how private companies implement Internet security, as well as reserve the right to cut off portions of the Internet without so much as a word from Congress or the courts.
I'm certain that Sen. Rockefeller didn't mean to say it this way, but here's the direct transcription of his words on March 24th:
[Two former Directors of National Intelligence] have labeled cybersecurity perpetrated through the internet as the #1 national hazard of attack on the homeland.I couldn't have said it better myself, Senator.