CYBEREYE

Let’s kill the kill-switch debate

Hysteria over presidential power to turn off the Internet is politics, not cybersecurity

Let’s all get a grip on ourselves and forget about the supposed “kill switch” in the cybersecurity legislation introduced last month by Sen. Joseph Lieberman (I-Conn.) and look at the reality instead.

There has been a lot of outrage expressed in recent weeks, much of it by unquestioning bloggers, about national emergency provisions that would empower the president to turn off the Internet — whatever that means. From what I can see, there is no such provision in the bill. And there doesn’t need to be. The president of the United States, as commander in chief of the armed forces and the executive in charge in any emergency, already has broad powers that could be construed to allow control of vital resources without any help from Sen. Lieberman or his bill.

The present concerns have more to do with politics and business than with cybersecurity and the sanctity of the Internet.


Related stories:

President has had ‘kill switch’ for communications since 1934

DHS would be cyber power center under Lieberman/Collins proposal


Present cybersecurity strategies call for the National Security Agency to protect military and intelligence IT systems, puts the Homeland Security Department in charge of securing the .gov domain, and depends on the private sector to defend its resources. They are all supposed to cooperate, but just how is not spelled out, and what we have now is a fragmented and largely dysfunctional system.

The Protecting Cyberspace as a National Asset Act of 2010, S. 3480, would amend the Homeland Security Act to create a comprehensive framework for cybersecurity, putting DHS in charge of the security of the nation’s critical infrastructure, including the Internet. It creates an office and director of cyberspace policy that would require all agencies and companies controlling critical infrastructure to have emergency response plans that would be activated during a “national cyber emergency.”

The bill defines such an emergency as, “an actual or imminent action by any individual or entity to exploit a cyber vulnerability in a manner that disrupts, attempts to disrupt, or poses a significant risk of disruption to the operation of the information infrastructure essential to the reliable operation of covered critical infrastructure.” Once the president declares such an emergency, the director would order implementation of the response plans and “develop and coordinate emergency measures or actions necessary to preserve the reliable operation and mitigate or remediate the consequences of the potential disruption,” and to address the exploited vulnerabilities.

This is supposed to be accomplished with the “least disruptive means feasible,” but it does give the president and director a lot of leeway.

Overall, however, if Lieberman and Congress wanted to give the president authority to shut down or control the Internet, this is a pretty clumsy way to do it. First of all, extending an emergency beyond the 30-day limit would require renewing the declaration every 30 days. Secondly, the bill gives deference to the private sector in its response plans and security measures, making it difficult for the government to effectively impose broad restrictions. Thirdly, the director during an emergency must consult with the secretary of Defense and the directors of NSA and the National Institute of Standards and Technology, as well as any other agencies involved.

There is little doubt that these provisions could be abused, but to describe as a kill switch systematic measures intended to respond to serious threats is hyperbole, to say the least. It is hard to imagine any type of meaningful defensive system, physical or logical, that would not be liable to abuse.

I am not sure that the Lieberman bill is the best blueprint for a defensive system for cyberspace, but the bill should be debated on it real merits and not with politically motivated arguments or scare tactics used by an industry lobbying against any type of regulation.

 

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

Reader Comments

Sat, Jul 10, 2010

"forget about the supposed 'kill switch' in the cyber security legislation....would empower the president to turn off the internet--whatever that means." And you call the bloggers who oppose this bill unquestioning? Everyone has a vested interest in the internet, especially the IT developers. It needs no extra protection from our government. There is no such thing as a cyber security threat so large that all networks would have to be shut down. If Leiberman wants to protect government networks this way then that's fine but leave everyone else alone. There is nothing more to this legislation other than an assault on free speech and a threat to our economy. Contact your senators and tell them to vote this act down. Hasn't homeland security taken enough of your rights? You'll realize it when it's too late. Again, tell your senators to vote no on S.3480

Tue, Jul 6, 2010 Jim Maryland

Tried that in 1988. Doesn't work. Should learn a few things before fooling with what you do not know.

Tue, Jul 6, 2010 Gene

George Will once said that if there really was a "nuclear button" in the White House, someone would have long ago set a coffee cup down on it.

Tue, Jul 6, 2010 guest

How can the federal government legally turn off something they don't own and geographicaly goes outside the national borders? Just wondering...

Tue, Jul 6, 2010 Blog Smith East of Eden

Why do you need a bill? Answer: you don't. Procedurally, the government system will be defended in any case without a bill.

Thus, the cyber bill is similar to police on the Gulf restricting and supervising non-terrorist actors.

Policing does nothing about cyber security but it does much about stifling ordinary human beings.

You are correct; its political.



Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above