Thursday, 09 April 2009 08:45

New Cybersecurity Regime Proposed

Written by  Ann Shibler

Power GridIntroduced just last week in the Senate, rather quietly, was the new Cybersecurity Act of 2009. Proposed by Sen. John D. Rockefeller IV (D-W.Va.) and Sen. Olympia Snowe (R-Maine), the legislation, in part, calls for the establishment of a national cybersecurity adviser, a cyber czar as it were. But, it’s getting a big boost now.

Earlier this week, a Wall Street Journal online report revealed that cyberspies from China and Russia had penetrated the U.S. electrical grid and had inserted their own software in order to disrupt the system at any time in the future when they so choose. The story was leaked to Journal by current and former national-security officials.

These supposed intrusions by the Russians and Chinese were detected not by the companies in charge of the infrastructure but by U.S. intelligence agencies, the officials said. A Department of Homeland Security personnel suggested, "If we go to war with them, they will try to turn them on."

The story was picked up by other media sources and soon all sorts of scenarios were constructed, dissected, and debated until everyone was quite certain something has to be done. The Journal even posted an online poll, “How worried are you that a cyberattack could damage U.S. Infrastructure? Very, Somewhat, or Not at all worried.”

Wasn’t it fortuitous, then, that those who are bent on looking into and controlling every aspect of our lives and businesses had already foreseen such possible disasters and had already introduced S. 773, the Cybersecurity Act of 2009? Forbes calls it “The Feds’ Timely Cyber Alarm.”

The rather comprehensive legislation seeks “the development of a cadre of information technology specialists to improve and maintain effective cybersecurity defenses against disruptions, and for other purposes.” The bill also enables the president to "declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic,” with no exact definition of “cybersecurity emergency” given. 

A newly created Cybersecurity Advisory Panel would be composed of outside experts from industry, academia, and nonprofit groups who would advise the president, as well as creation of a public-private clearinghouse for cyber-threat and vulnerability information sharing, establishment of “measurable and auditable cybersecurity standards” from the National Institute of Standards and Technology, along with licensing and certifying those who perform cyber security functions, now to be known as cybersecurity professionals.

This most bloated of bureaucracies would also review boards that would make and submit cyclic reports, and regional and state cyber centers that watch over businesses in order to keep them safe. The domain name addressing system would also be taken over under the legislation.

An Office of the National Cybersecurity Advisor would be established. The cyber czar who heads it would take the lead on Internet security matters and also coordinate with the intelligence community and the private sector per S. 778, a companion bill.

The text in S. 773 that addresses civil liberties is short, but broad:

Within 1 year after the date of enactment of this Act, the President, or the President’s designee, shall review, and report to Congress, on the feasibility of an identity management and authentication program, with the appropriate civil liberties and privacy protections, for government and critical infrastructure information systems and networks.

Some experts have interpreted this rather cryptic paragraph to mean that perhaps a unique digital ID will be required of each user, not only not protecting civil liberties, but instead making each user and said user’s Internet activities much easier to track, limit, and ultimately shut down.

Look for most politicians, academics, and cyber security companies to exaggerate the need for more and more security, as they tout this latest far-reaching bill as the hope and salvation of the Internet. Politicians always want to be seen as “doing something” about real or perceived threats for the folks back home, and also doling out money in the form of grants to big constituents.

The federalization of the computer security sector via this new cyber regime would unnecessarily further burden taxpayers, but the loss to civil liberties could easily be gargantuan in time. It establishes in essence, a government cartel. The feds would eliminate all competition in the field, prices would increase, a whole new definition of the phrase bureaucratic quagmire would be experienced, and the flow of information would be easily controlled.

Please Log In To Comment
Log in