The arguments for (and against) an Internet kill switch

The "Internet kill-switch" that might have been included in earlier cybersecurity bills (and maybe not) provoked a great deal of argument. The idea that the president might have a means to actually shut down the Internet, or even part of it, during a cyber-emergency evoked a lot of concern.

However, applying the same concept on a departmental level within the federal government could be a good idea, according to some.

Panelists at MeriTalk’s June 26 cybersecurity discussion on Capitol Hill explored the hotly debated issue of an Internet kill switch – a single shutoff mechanism that would halt all online traffic during a cyber emergency.

In the event an agency has a security breach, should the Homeland Security Department be able to cut off its Internet access while the threat is being mitigated? asked an event attendee.

The state of Delaware’s central IT organization already has that capability in place but “the legislative branch is not happy that we have that authority,” said William Hickox, chief operating officer at Delaware Department of Technology and Information.

“It’s a kill switch on a departmental level, and we will use it to protect the department from itself, protect [departments] from each other, or if there’s an issue, we have a kill switch that will take out departments or branches of government,” he said. “The legislative branch is not pleased we maintain that authority, but they have yet to act legislatively to restrict that current authority.”

Gary Gagnon, senior vice president and chief security officer at The MITRE Corporation, expressed unease over a kill switch capability.

“I get real nervous when I hear about a kill switch,” he said. “I don’t think we fully understand the dependency and complexity of the networks we are operating on a daily basis, and to have other organizations saying they sufficiently understand the procedures to deny another organization access . . . could have consequences.”

Existing laws and supporting and policies grant the agency CIO and designated approval authority the power for making decisions including those around a kill switch capability and potential tradeoffs, said John Streufert, director of the National Cyber Security Division at DHS.

“Having been a CISO and managed security in a number of cabinet-level departments, I think leaving that flexibility with cabinet-level CISOs . . . is a very positive thing because they’re closest to the impact and hold the responsibility over data,” he said.

 

About the Author

Camille Tuutti is a former FCW staff writer who covered federal oversight and the workforce.

Featured

  • FCW Perspectives
    human machine interface

    Your agency isn’t ready for AI

    To truly take advantage, government must retool both its data and its infrastructure.

  • Cybersecurity
    secure network (bluebay/Shutterstock.com)

    Federal CISO floats potential for new supply chain regs

    The federal government's top IT security chief and canvassed industry for feedback on how to shape new rules of the road for federal acquisition and procurement.

  • People
    DHS Secretary Kirstjen Nielsen, shown here at her Nov. 8, 2017, confirmation hearing. DHS Photo by Jetta Disco

    DHS chief Nielsen resigns

    Kirstjen Nielsen, the first Homeland Security secretary with a background in cybersecurity, is being replaced on an acting basis by the Customs and Border Protection chief. Her last day is April 10.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.