The Senate bill, first introduced in April by Senator John Rockefeller (D-W. Va.), does, however, still include language that gives Obama the authority to direct responses to cyber attacks and declare a cyber emergency.
The bill also gives the President 180 days, as opposed to one year outlined in the bill’s first draft, to implement a cybersecurity strategy from the day the bill is passed, which for now could be a long way off.
But the language in the first draft of the bill, which has yet to make it out of Rockefeller’s Senate Committee on Commerce, Science, and Transportation and onto the Senate floor, has been rewritten regarding the President’s authority to shut down both public and private networks including Internet traffic coming to and from compromised systems.
Critics contend sweeping presidential power isn’t good news since private networks could be shut down by government order. In addition, those same networks could be subject to government mandated security standards and technical configurations.
The original bill included the words: “The President may….order the limitation or shutdown of Internet traffic to and from any compromised Federal government or United States critical infrastructure information system or network.
The second draft, which has not been released publicly, rearranges those words, according to text of the bill posted by CNet.
The second draft contains more convoluted language concerning the President’s control over computer networks and it deletes reference to the Internet.
It qualifies his authority to include “strategic national interests involving compromised Federal Government or United States critical infrastructure information system or network,” but says he may “direct the national response to the cyber threat” in coordination with “relevant industry sectors.”
The reference to relevant industry sectors is new in the second draft.
The bill still includes language that would have the President directing the “timely restoration of the affected critical infrastructure information system or network.”
Earlier this year, critics expressed concern over potentially giving the President power to tell private network operators when they could turn their systems back on after a cybersecurity threat.
Proponents, however, including officials from the Center for Strategic and International Studies (CSIS), are on record as saying the legislation is comprehensive and strong and reflects the need for thorough debate around digital security that is long overdue.
The original bill proposed by Rockefeller, and now co-sponsored by Evan Bayh (D-Ind.) Bill Nelson (D-Fla.) and Olympia Snowe (R-Maine), touched off a storm of debate over how much power the President should have to control the operation of “critical infrastructure.”
When the bill was release in April, Leslie Harris, president and CEO at the Center for Democracy and Technology (CDT), which promotes democratic values and constitutional liberties for the digital age, told Network World: “We are confident that the communication networks and the Internet would be so designated [as critical infrastructure], so in the interest of national security the president could order them disconnected.”
Network World sources said Rockefeller’s Commerce, Science, and Transportation committee, which includes Senators Mark Begich (D-Alaska), Barbara Boxer (D-Calif.) and Maria Cantwell (D-Wash.), spent much of the recent Senate recess meeting with stakeholders and groups that had problems with the first draft of the bill.
Those meetings are intended to help complete a second draft, which has yet to be introduced formally by the committee.
While the sources did not say who was part of those meetings, stakeholders could conceivably extend to large service provider networks such as those run by Google, Microsoft, AOL, Yahoo and others that offer online services and applications to corporations and consumers.
In April, Google confirmed it was studying the legislation.
The cybersecurity bill is very much in the early stages and the second draft represents progress in drafting the bill’s language for the committee to debate.
Introduced bills and resolutions first go to committees that deliberate, investigate and revise them before they go to general debate. The majority of bills and resolutions never make it out of committee.
As with any law, both the House and Senate would have to pass the bill and the President would have to sign it.