Cyber-security Bill Could Increase Powers of DHS, President
If a new security bill makes it through Congress, CIOs could be answering to a higher level of management than the CEO, chairman or board of directors. The new bill allows for emergency powers to be granted to the president of the United States when critical infrastructure is threatened.The Protecting Cyberspace as a National Asset Act of 2010, S.3480 as introduced by ranking Senate members of the Homeland Security and Governmental Affairs Committee, is intended to create an Office of Cyber Policy in the executive branch of the government, confirmed by the Senate and ultimately reporting to the president.
The bill was presented publicly June 10 by Sens. Joe Lieberman, Blanche Lincoln and Tom Carper. Key parts of the bill include cooperation from the proprietors of what the government deems critical infrastructure networks such as electricity grids, financial systems and telecommunications networks.
"The Internet may have started out as a communications oddity some 40 years ago, but it is now a necessity of modern life, and, sadly, one that is under constant attack," Lieberman said in a statement June 10.
"The Protecting Cyberspace as a National Asset Act of 2010 is designed to bring together the disjointed efforts of multiple federal agencies and departments to prevent cyber-theft, intrusions and attacks across the federal government and the private sector. The bill would establish a clear organizational structure to lead federal efforts in safeguarding cyber-networks. And it would build a public-private partnership to increase the preparedness and resiliency of those private critical infrastructure cyber-networks upon which our way of life depends."
At issue, however, is to what extent the bill extends powers to the president in cases of emergency. Here is how a statement provided by the Homeland Security and Governmental Affairs Committee described the emergency powers presented in this bill:
Some in the technology industry are not keen on many of the regulatory aspects of the bill.
"An issue is the unintended consequences that could arise from any established set of standards, which does not allow for evolution on a timely basis," Liesyl Franz, vice president for global public policy at lobbying group TechAmerica, told Nextgov.com. TechAmerica supports self-certification over government-based standards. "What could be an effective standard today might not be tomorrow," Franz said.
"The notion that the government has a better idea than the owners and operators about how to manage risk is not even reasonable," Robert Dix, vice president of Government Affairs and Critical Infrastructure Protection at Juniper Networks, told Nextgov.com. "The paradigm needs to change from this kind of top-down push to a collaborative approach."
"Over the past few decades, our society has become increasingly dependent on the Internet, including our military, government and businesses of all kinds," Carper said. "While we have reaped enormous benefits from this powerful technology, unfortunately our enemies have identified cyberspace as an ideal 21st century battlefield. We have to take steps now to modernize our approach to protecting this valuable, but vulnerable, resource. This legislation is a vital tool that America needs to better protect cyberspace. It encourages the government and the private sector to work together to address this growing threat and provides the tools and resources for America to be successful in this critical effort."