WASHINGTON (CBS4) ― The White House is one step closer to having the authority to flip the Internet “kill switch” in case of emergency.
The Senate Committee on Homeland Security and Governmental Affairs on Friday approved a cybersecurity bill called the Protecting Cyberspace as a National Asset Act, or PCNAA. The bill would give the president the power to call it lights out for the Internet if there is “a cyber attack capable of causing massive damage or loss of life.”
The legislation would force companies such as broadband providers, search engines, or software firms that the government selects to “immediately comply with any emergency measure or action developed” by the Department of Homeland Security. Anyone failing to comply would be fined.
The idea behind it is not new. A draft Senate proposal that CNET obtained in August allowed the White House to “declare a cybersecurity emergency,” and another from Sens. Jay Rockefeller (D-W.V.) and Olympia Snowe (R-Maine) would have explicitly given the government the power to “order the disconnection” of certain networks or Web sites.
That emergency authority would allow the federal government to “preserve those networks and assets and our country and protect our people,” Joe Lieberman, the primary sponsor of the measure and the chairman of the Homeland Security committee, told reporters on Thursday. Lieberman is an independent senator from Connecticut who caucuses with the Democrats.
Any company on a list created by Homeland Security that also “relies on” the Internet, the telephone system, or any other component of the U.S. “information infrastructure” would be subject to command by a new National Center for Cybersecurity and Communications (NCCC) that would be created inside Homeland Security.
The only obvious limitation on the NCCC’s emergency power is one paragraph in the Lieberman bill that appears to have grown out of the Bush-era flap over warrantless wiretapping. That limitation says that the NCCC cannot order broadband providers or other companies to “conduct surveillance” of Americans unless it’s otherwise legally authorized.
The NCCC also would be granted the power to monitor the “security status” of private sector Web sites, broadband providers, and other Internet components. Lieberman’s legislation requires the NCCC to provide “situational awareness of the security status” of the portions of the Internet that are inside the United States — and also those portions in other countries that, if disrupted, could cause significant harm.
Selected private companies would be required to participate in “information sharing” with the Feds. They must “certify in writing to the director” of the NCCC whether they have “developed and implemented” federally approved security measures, which could be anything from encryption to physical security mechanisms, or programming techniques that have been “approved by the director.” The NCCC director can “issue an order” in cases of noncompliance.
To sweeten the deal for industry groups, Lieberman has included a tantalizing offer absent from earlier drafts: immunity from civil lawsuits. If a software company’s programming error costs customers billions, or a broadband provider intentionally cuts off its customers in response to a federal command, neither would be liable.
If there’s an “incident related to a cyber vulnerability” after the president has declared an emergency and the affected company has followed federal standards, plaintiffs’ lawyers cannot collect damages for economic harm. And if the harm is caused by an emergency order from the Feds, not only does the possibility of damages virtually disappear, but the U.S. Treasury will even pick up the private company’s tab.
Initially, the bill would have given the president unlimited authority on how long he could control the Internet, but an amendment passed Friday says he would have to get the approval of Congress to shut down the Internet for more than 120 days.
Jun 26, 2010 5:30 pm US/Eastern
Source: CBS NEWS