The arguments for (and against) an Internet kill switch

The "Internet kill-switch" that might have been included in earlier cybersecurity bills (and maybe not) provoked a great deal of argument. The idea that the president might have a means to actually shut down the Internet, or even part of it, during a cyber-emergency evoked a lot of concern.

However, applying the same concept on a departmental level within the federal government could be a good idea, according to some.

Panelists at MeriTalk’s June 26 cybersecurity discussion on Capitol Hill explored the hotly debated issue of an Internet kill switch – a single shutoff mechanism that would halt all online traffic during a cyber emergency.

In the event an agency has a security breach, should the Homeland Security Department be able to cut off its Internet access while the threat is being mitigated? asked an event attendee.

The state of Delaware’s central IT organization already has that capability in place but “the legislative branch is not happy that we have that authority,” said William Hickox, chief operating officer at Delaware Department of Technology and Information.

“It’s a kill switch on a departmental level, and we will use it to protect the department from itself, protect [departments] from each other, or if there’s an issue, we have a kill switch that will take out departments or branches of government,” he said. “The legislative branch is not pleased we maintain that authority, but they have yet to act legislatively to restrict that current authority.”

Gary Gagnon, senior vice president and chief security officer at The MITRE Corporation, expressed unease over a kill switch capability.

“I get real nervous when I hear about a kill switch,” he said. “I don’t think we fully understand the dependency and complexity of the networks we are operating on a daily basis, and to have other organizations saying they sufficiently understand the procedures to deny another organization access . . . could have consequences.”

Existing laws and supporting and policies grant the agency CIO and designated approval authority the power for making decisions including those around a kill switch capability and potential tradeoffs, said John Streufert, director of the National Cyber Security Division at DHS.

“Having been a CISO and managed security in a number of cabinet-level departments, I think leaving that flexibility with cabinet-level CISOs . . . is a very positive thing because they’re closest to the impact and hold the responsibility over data,” he said.

 

About the Author

Camille Tuutti is a former FCW staff writer who covered federal oversight and the workforce.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.