The U.S. Senate will vote this week on the Cybersecurity Act of 2012, which would strengthen President Obama’s attempt to control the Internet, primarily through the departments of Homeland Security (DHS) and Defense.
The bill even includes an effort at international Internet control. It also sets up, deep in the legislation’s wording, “cybersecurity exchanges” for monitoring the Internet.
Obama earlier this month signed an order giving the executive branch emergency control of America’s communications including the Internet and media outlets. It was the president’s second executive order in five months which binds more citizens’ freedoms under federal government emergency authority.
Under the president’s emergency order, the secretaries of Homeland Security and Defense would co-chair a multi-department committee overseeing the Internet and media.
The Senate’s Cybersecurity Act further secures the president’s order regarding the Internet.
The Senate bill provides for a National Cybersecurity Council comprised of representatives from the Departments of Commerce, Defense, Homeland Security, Justice “and other appropriate” federal agencies “with responsibilities for regulating the security of covered critical infrastructure.” The Secretary of Homeland Security will chair the council “and will coordinate with owners and operators of critical infrastructure.”
The bill mentions that private businesses could be verified as cybersecure under the monitoring process. Business participation would be voluntary, and Constitutional rights allegedly would be protected. But we’ve seen little actual effort from the executive or legislative branches in recent years in following through on these protections.
The bill instructs the council “to identify categories of critical cyber infrastructure only if a cyber attack to that infrastructure could reasonably result in: (1) interruption of lifesustaining services sufficient to cause a mass casualty event or mass evacuations; (2) catastrophic economic damage to the United States; or (3) severe degradation of national security.”
(If the president’s control over the Internet protects us from “catastrophic economic damage to the United States” the way the president and Congress shielded us from the economic meltdown of 2008, then we’ll be in good hands.)
Businesses “voluntarily” involved in being federally verified as secure “will be entitled to several benefits including: (1) liability protections from any punitive damages arising from an incident related to a cybersecurity risk where the owner is in substantial compliance with the cybersecurity practices at the time of the incident; (2) expedited provision of security clearances to appropriate personnel employed by the certified owner; (3) priority technical assistance on cyber issues; and (4) receipt of relevant realtime cyber threat information.”
(You may recall telephone companies, under security legislation, receiving federal liability protections for tapping Americans’ phones. Also, “priority technical assistance” and “receipt of relevant realtime cyber threat information” sounds like a subtle threat: Any business that won’t cooperate “voluntarily” will be left waiting for assistance and won’t receive cyber threat information in time.)
The bill further calls for efforts at obtaining international cooperation in cybersecurity, instructing Homeland Security and the Secretary of State to communicate with foreign owners and operators of “information infrastructure.” It further calls for DHS and the State Department to “coordinate with international governments and owners of such information infrastructure regarding mitigation or remediation of cyber risks.”
In May, a Homeland Security attorney indicated that the department was planning to eventually take control of the Internet. Such a move by government logically would end citizens’ Constitutional right to freedom of expression, including limiting them to sharing only government-approved information.
Bruce McConnell, a senior cybersecurity counselor with DHS, reported to a cybersecurity gathering in Washington on May 2 that DHS will establish “institutions” on the Internet to govern it, including working with other nations to determine what content is “proper.” McConnell led his presentation by explaining that Obama has instructed DHS to protect the Internet because it is a “civilian” agency.
The proposed Senate legislation also calls for consolidating several DHS cybersecurity functions under a new “National Center for Cybersecurity and Communications (NCCC or the Center). The Center would be headed by a Director appointed by the President and confirmed by the Senate. The Director would be responsible for managing Federal efforts to secure, protect, and ensure the resiliency of cyber networks in the United States.”
The bill further requires the new director to “facilitate cybersecurity information sharing of both classified and unclassified cybersecurity information with other Federal agencies, the private sector, state and local governments, and international partners. Information shared with the Federal government will receive special protections from further disclosure.”
Efforts are also called for to carry the cybersecurity effort into American and foreign universities. The bill instructs the National Science Foundation to establish cybersecurity research centers at “institutions of higher learning or other entities. It also orders the new cybersecurity director and the Secretary of Defense “to establish Centers of Excellence in cybersecurity for the protection of critical infrastructure in conjunction with academic and professional partners from countries that may include allies of the United States.”
The bill also establishes “cybersecurity exchanges” basically for monitoring the Internet for cybersecurity threats. They would be under the combined responsibility of DHS, the Defense Department, the Justice Department, and the National Intelligence Agency.
