Aides defend presidential powers in cybersecurity bill

Legislation does not allow 'shutdown' of the Internet, defenders say

Senate aides familiar with proposed legislation that would define the president’s power to deal with a cybersecurity emergency say the bill wouldn’t give the government sweeping control over the country’s digital infrastructure as some critics have claimed.

The controversy stems from language in a bill introduced in April by Sens. Jay Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine). The measure’s original language said the president could declare a cybersecurity emergency and order the “shutdown” of Internet traffic to and from government systems or networks and those considered critical infrastructure. In addition, the president could, in the interest of national security, order the disconnection of such networks or systems.

Many critics took that to mean the president would be able to shut down the Internet by declaring a cybersecurity emergency. But Senate aides say the intention of the bill is to clarify the president’s authority to secure national cyber infrastructure from attack, which would be in line with the executive branch's existing power to lead response to national emergencies. Meanwhile, a second draft of the bill eliminates terms, such as “shutdown,” that fueled the controversy, according to one aide familiar with the legislation.

“To be very clear, the Rockefeller/Snowe bill will not empower a government shutdown or takeover of the Internet, and any suggestion otherwise is misleading and false,” said Jena Longo, a press officer for the majority on the Senate Commerce, Science and Transportation Committee, in a written statement. Rockefeller is chairman of the committee.

The firestorm erupted last month after a copy of the second draft was leaked to the press.

The aide said the legislation is evolving, and although it’s possible that quarantining or disconnecting a network could be the correct response to a particular attack, that would rarely be the case. The goal of the bill is to have a preplanned, agreed-upon public/private plan for dealing with cybersecurity emergencies and make it clear that the president would lead the response to such emergencies, the aide said.

Alan Paller, director of research at the SANS Institute, said such a national plan is necessary. When organizations suffer large-scale denial-of-service attacks, they usually can do nothing, he said. Only Internet service providers, which have control over networks, can take action.

“If you believe that cyberattacks will be part of warfare — and we have lots of reason to believe that – then you have to have a national strategy that allows you to respond quickly," he said. "ISPs have to be part of that solution under the direction of the president.”

Meanwhile, Roger Thornton, founder of Fortify Software, said that although the idea of emergency government powers over computer networks sounds a little unsettling, it isn’t alarming given the exceptional conditions that would trigger such a reaction.

“There’s really nothing that controversial about that when you consider that the president has powers to nationalize all sorts of things in the case of a national emergency,” he said, adding that the president also has the power to launch a nuclear strike.

“If you want to find something to not like, you’re going to find it" in the proposed legislation, said Thornton, who has seen the second draft of the bill. "If you want to find something to like, you’re going to find it because it’s broad and comprehensive.”

The Senate aide said the Rockefeller/Snowe bill attempted to outline a comprehensive plan and that aides from different committees are trying to coordinate their approaches.

The aide said the Homeland Security and Governmental Affairs Committee was also working on legislation, but the plan was still for the commerce committee to mark up the Rockefeller/Snowe legislation.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Cyber. Covered.

Government Cyber Insider tracks the technologies, policies, threats and emerging solutions that shape the cybersecurity landscape.


Reader comments

Thu, Oct 22, 2009 MS Wash,DC

Some believe that the President already has such authority under Title 47, Part 202. As stated above, what are the rules of engagment?

Fri, Sep 11, 2009 femtobeam

The authority in a Communications Emergency, already declared, rests with the senior scientist in charge of NIST and was written and passed into law by the Johnson administration. This is the chain of command. The bureaucrats have no ability to affect or act, just like a commander with no equipment and no force. The President needs to recognise that the Chinese and Moon led forces to overtake our communications networks are in full swing and the first order of business should be tough executive orders to stop all trade agreements and information sharing with China planned by Chu at DOE. There will be no sharing of Optical Systems. The President must act to protect the American people, whether they or Congress understand it or not. This is not a business deal.

Fri, Sep 11, 2009 DOD

A bill that would "clarify" the authority that already exits? When you hear this phrase coming from any politician, especially from this administration and Congress, you have to be skeptical. We have had nearly 8 months of power grabbing or attempted power grabbing and a higher than average amount of lies coming out of D.C. so I would not believe a word of it. If the authority is already there, there are only two reasons to add a law on the matter: restrict it or enlarge it. If you think these people are adding restrictions to this authority I have a bridge to sell you.

Fri, Sep 11, 2009 Glenn Schlarman Annandale, VA

Among the more troubling aspects of this proposal of course is the President will not be the one to actually take any action. Rather, it will be some bureaucrat at NSA or DOD or DHS that will in typical over-classified and over-reacting reflexive defensiveness convince policy officials to pull the plug. These are of course same bureaucrats who are unable to patch windows machines and thus let the Chinese et al have their way with DOD systems and shut down social networking software because it is so scary. Look out folks, seriously. What are the rules of engagement? Order of battle? And do any members of the public get to participate in setting them?

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group