- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
The Senate bill, first introduced in April by Senator John Rockefeller (D-W. Va.), does, however, still include language that gives Obama the authority to direct responses to cyber attacks and declare a cyber emergency.
The bill also gives the President 180 days, as opposed to one year outlined in the bill’s first draft, to implement a cybersecurity strategy from the day the bill is passed, which for now could be a long way off.
But the language in the first draft of the bill, which has yet to make it out of Rockefeller’s Senate Committee on Commerce, Science, and Transportation and onto the Senate floor, has been rewritten regarding the President’s authority to shut down both public and private networks including Internet traffic coming to and from compromised systems.
Critics contend sweeping presidential power isn’t good news since private networks could be shut down by government order. In addition, those same networks could be subject to government mandated security standards and technical configurations.
The original bill included the words: “The President may….order the limitation or shutdown of Internet traffic to and from any compromised Federal government or United States critical infrastructure information system or network.
The second draft, which has not been released publicly, rearranges those words, according to text of the bill posted by CNet.
The second draft contains more convoluted language concerning the President’s control over computer networks and it deletes reference to the Internet.
It qualifies his authority to include “strategic national interests involving compromised Federal Government or United States critical infrastructure information system or network,” but says he may “direct the national response to the cyber threat” in coordination with “relevant industry sectors.”
The reference to relevant industry sectors is new in the second draft.
The bill still includes language that would have the President directing the “timely restoration of the affected critical infrastructure information system or network.”
Earlier this year, critics expressed concern over potentially giving the President power to tell private network operators when they could turn their systems back on after a cybersecurity threat.
Proponents, however, including officials from the Center for Strategic and International Studies (CSIS), are on record as saying the legislation is comprehensive and strong and reflects the need for thorough debate around digital security that is long overdue.
The original bill proposed by Rockefeller, and now co-sponsored by Evan Bayh (D-Ind.) Bill Nelson (D-Fla.) and Olympia Snowe (R-Maine), touched off a storm of debate over how much power the President should have to control the operation of “critical infrastructure.”
When the bill was release in April, Leslie Harris, president and CEO at the Center for Democracy and Technology (CDT), which promotes democratic values and constitutional liberties for the digital age, told Network World: “We are confident that the communication networks and the Internet would be so designated [as critical infrastructure], so in the interest of national security the president could order them disconnected.”