Aides defend presidential powers in cybersecurity bill

Legislation does not allow 'shutdown' of the Internet, defenders say

Senate aides familiar with proposed legislation that would define the president’s power to deal with a cybersecurity emergency say the bill wouldn’t give the government sweeping control over the country’s digital infrastructure as some critics have claimed.

The controversy stems from language in a bill introduced in April by Sens. Jay Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine). The measure’s original language said the president could declare a cybersecurity emergency and order the “shutdown” of Internet traffic to and from government systems or networks and those considered critical infrastructure. In addition, the president could, in the interest of national security, order the disconnection of such networks or systems.

Many critics took that to mean the president would be able to shut down the Internet by declaring a cybersecurity emergency. But Senate aides say the intention of the bill is to clarify the president’s authority to secure national cyber infrastructure from attack, which would be in line with the executive branch's existing power to lead response to national emergencies. Meanwhile, a second draft of the bill eliminates terms, such as “shutdown,” that fueled the controversy, according to one aide familiar with the legislation.

“To be very clear, the Rockefeller/Snowe bill will not empower a government shutdown or takeover of the Internet, and any suggestion otherwise is misleading and false,” said Jena Longo, a press officer for the majority on the Senate Commerce, Science and Transportation Committee, in a written statement. Rockefeller is chairman of the committee.

The firestorm erupted last month after a copy of the second draft was leaked to the press.

The aide said the legislation is evolving, and although it’s possible that quarantining or disconnecting a network could be the correct response to a particular attack, that would rarely be the case. The goal of the bill is to have a preplanned, agreed-upon public/private plan for dealing with cybersecurity emergencies and make it clear that the president would lead the response to such emergencies, the aide said.

Alan Paller, director of research at the SANS Institute, said such a national plan is necessary. When organizations suffer large-scale denial-of-service attacks, they usually can do nothing, he said. Only Internet service providers, which have control over networks, can take action.

“If you believe that cyberattacks will be part of warfare — and we have lots of reason to believe that – then you have to have a national strategy that allows you to respond quickly," he said. "ISPs have to be part of that solution under the direction of the president.”

Meanwhile, Roger Thornton, founder of Fortify Software, said that although the idea of emergency government powers over computer networks sounds a little unsettling, it isn’t alarming given the exceptional conditions that would trigger such a reaction.

“There’s really nothing that controversial about that when you consider that the president has powers to nationalize all sorts of things in the case of a national emergency,” he said, adding that the president also has the power to launch a nuclear strike.

“If you want to find something to not like, you’re going to find it" in the proposed legislation, said Thornton, who has seen the second draft of the bill. "If you want to find something to like, you’re going to find it because it’s broad and comprehensive.”

The Senate aide said the Rockefeller/Snowe bill attempted to outline a comprehensive plan and that aides from different committees are trying to coordinate their approaches.

The aide said the Homeland Security and Governmental Affairs Committee was also working on legislation, but the plan was still for the commerce committee to mark up the Rockefeller/Snowe legislation.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.