A new cyber security bill (PDF), based on a false premise, filled with impractical and draconian solutions to a problem that doesn't exist, is now poised to be voted on by our lawmakers before the end of this year. This new draft is a combination of two cyber security bills which were merged into one. These bills originally introduced, then tabled, by Senators Lieberman and Rockefeller, have now been married into one ugly union forever binding the public and private Internet to the government.
The "Protecting Cyberspace as a National Asset Act of 2010" is being sold as a solution to the problem of what to do in the event of a cyber attack that poses an “imminent threat” to the U.S. electrical grid or other critical infrastructure such as the water supply or financial network. Unfortunately for lawmakers, these critical networks are not, never have been, and never will be part of the public Internet-therefore their argument holds no water. The vast majority of security experts and those who actually understand the Internet and networks agree that the most critical networks are in no danger from outside threat. One would need physical access to these systems to do serious harm and this bill would do nothing to prevent that kind of attack. With the creation of new rules, regulations and even a fancy new government agency, the National Center for Cybersecuirty and Communications—NCCC, it is clear this is nothing more than another power grab from this Administration.
This bill would extend unprecedented power to the President and the newly created agency alone, with no oversight by Congress or any need for explanation to the American people. It would also allow the government to designate companies of their choosing as "critical" and those companies would then fall under the complete control of the Obama Administration. "Critical" companies, such as broadband providers or software firms,would be required to“immediately comply with any emergency measure or action developed” by the Department of Homeland Security. It would also require information sharing by these companies with the federal government. Finally, it grants the authority to monitor the “security status” of private sector websites, broadband providers and other internet components. Any business or industry that failed to comply, follow the government dictated standards, or immediately subjugate once a national emergency was declared would then be subject to seizure or shuttering.
This is a bad move for the freedom we currently experience on the Internet. It is unnecessary while also being far too ambiguous and expansive. The true security experts in our community are already developing plans and action items to protect our most critical network infrastructure, the government has no business meddling in this arena.