Businesses who don’t follow government orders would be suspended for at least 90 days with no congressional oversight
An amalgamated cybersecurity bill that lawmakers hope to pass before the end of the year includes new powers which would allow President Obama to shut down not only entire areas of the Internet, but also businesses and industries that fail to comply with government orders following the declaration of a national emergency – increasing fears that the legislation will be abused as a political tool.
The draft bill is a combination of two pieces of legislation originally crafted by Senators Lieberman and Rockefeller. One of the differences between the new bill and the original Lieberman version is that the Internet “kill switch” power has been limited to 90 days without congressional oversight, rather than the original period of four months contained in the Lieberman bill.
In other words, President Obama can issue an emergency declaration that lasts 30 days and he can renew it for a further 60 days before congress can step in to oversee the powers.
The new powers would give Obama a free hand to not only shut down entire areas of the Internet and block all Internet traffic from certain countries, but under the amalgamated bill he would also have the power to completely shut down industries that don’t follow government orders,according to a Reuters summary of the new bill.
“Industries, companies or portions of companies could be temporarily shut down, or be required to take other steps to address threats,” states the report, citing concerns about an “imminent threat to the U.S. electrical grid or other critical infrastructure such as the water supply or financial network.”
The only protection afforded to companies under the new laws is that they would have to be defined as “critical” in order to come under government regulation, but since the government itself would decide to what companies this label applies, it’s hardly a comforting layer of security.
“Even in the absence of an imminent threat, companies could face government scrutiny. Company employees working in cybersecurity would need appropriate skills. It also would require companies to report cyber threats to the government, and to have plans for responding to a cyber attack,” states the report.
As we have highlighted, the threat from cyber-terrorists to the U.S. power grid or water supply is minimal. The perpetrators of an attack on such infrastructure would have to have direct physical access to the systems that operate these plants to cause any damage. The recent Stuxnet malware attack, for example, was introduced and spread through a physical USB device, not via the public Internet.
Any perceived threat from the public Internet to these systems is therefore completely contrived and strips bare what many fear is the real agenda behind cybersecurity – to enable the government to regulate free speech on the Internet.
Handing Obama the power to shut down certain companies or businesses is likely to heighten already existing fears that the new cybersecurity federal bureaucracy could be used as a political tool.
As we reported back in March, the Obama administration’s release of the Comprehensive National Cybersecurity Initiative, a government plan to “secure” (or control) the nation’s public and private sector computer networks, coincided with Democrats attempting to claim that the independent news website The Drudge Report was serving malware, an incident Senator Jim Inhofe described as a deliberate ploy “to discourage people from using Drudge”.
Senator Joe Lieberman appeared to admit that the legislation had more to do with simply protecting US infrastructure when he told CNN’s Candy Crowley that the bill was intended to mimic the Communist Chinese system of Internet policing.
“Right now China, the government, can disconnect parts of its Internet in case of war and we need to have that here too,” said Lieberman.
As we have documented, the Chinese government does not disconnect parts of the Internet because of genuine security concerns, it habitually does so only to oppress and silence victims of government abuse and atrocities, and to strangle dissent against the state, a practice many fear is the ultimate intention of cybersecurity in the United States.
The implementation of the cybersecurity apparatus would represent another huge expansion of the federal government, creating an Office of Cyber Policy within the executive branch and also “A new National Center for Cybersecurity and Communications (NCCC) within the Department of Homeland Security, led by a separate director who would enforce cybersecurity policies throughout the government and the private sector.”
Lawmakers have indicated that they intend to push through the bill before the end of the year, though with Congress set to leave Friday amidst deadlock on a number of issues, cybersecurity looks like it will have to wait until mid-November, providing its opponents with extra time to point out the inherent threats the legislation poses to free speech and free enterprise.