Bill would give Obama power to shut down Internet, networks during cyber attacks

Federal legislation introduced in the Senate this week would give President Obama the power to declare a cybersecurity emergency and then shut down both public and private networks including Internet traffic coming to and from compromised systems.

The proposed legislation, introduced April 1, also would give the President the power to “order the disconnection of any Federal government or United States critical infrastructure information systems or networks in the interest of national security.”

Some critics of the bill say that phrase needs to be more clearly defined.

“We are confident that the communication networks and the Internet would be so designated [as critical infrastructure], so in the interest of national security the president could order them disconnected.,” said Leslie Harris, president and CEO at the Center for Democracy and Technology (CDT), , which promotes democratic values and constitutional liberties for the digital age.

Harris and the CDT don’t think such sweeping power is good news for anyone, including private networks that could be shut down by government order. Those same networks would be subject to government mandated security standards and technical configurations.

The bill says the president must have a comprehensive national cybersecurity strategy in place 12 months after the bill passes.

“This is pretty sweeping legislation,” says Harris. “Seems the President could turn off the Internet completely or tell someone like Verizon to limit or block certain traffic,” she said. “There is a lot to worry about in this bill.”

In addition, an agency appointed by the President would control how and when systems are restored.

The power could conceivably extend to large service provider networks such as those run by Google, Microsoft, AOL, Yahoo and others who offer online services and applications to corporations and consumers.

“We are currently studying this legislation,” said Dan Martin, a spokesman for Google. “Security has been a priority at Google from the beginning of the company – we recognize that secure products are instrumental in maintaining the trust our users place in us.”

Proponents including officials from the Center for Strategic and International Studies (CSIS) say the legislation is comprehensive and strong and reflects the need for thorough debate around digital security that is long overdue.

The bill was introduced by West Virginia Democratic Sen. John Rockefeller, the chairman of the Senate Committee on Commerce, Science, and Transportation, and Sen. Olympia Snowe, a Republican from Maine.

Rockefeller said in a statement the bill loosely parallels the recommendations presented in December to Obama by a CSIS panel. The panel recommended naming an assistant for cyberspace and a National Security Council (NSC) director to coordinate government response to cyber threats.

The 51-page Rockefeller/Snowe bill calls for the appointment of a National Cybersecurity Advisor that reports directly to the President.

“[Rockefeller/Snowe] got input form a lot of sources, including the CSIS report, so there is more there than we had laid out. It’s a strong bill,” said Jim Lewis, director and senior fellow in the technology and public policy program at CSIS.