Senators plan to revisit the controversial cybersecurity measure, which includes authority for the president to shut down U.S. critical infrastructure in the event of a national emergency.
By Elizabeth Montalbano, InformationWeek
Feb. 1, 2011
A cybersecurity measure granting authority to the president to shut down critical U.S. infrastructure in the event of an imminent national security threat or war is about to get a second chance in Congress.
Talk of the legislation's reintroduction comes as the Egyptian government has restricted access to the Internet in the midst of political upheaval by ordering the country's Internet service providers, which operate under a federal license, to cut service.
Sen. Susan Collins, R-Maine, is one of the senators planning to re-introduce the legislation as part a larger cybersecurity bill Congress debated last summer, "Protecting Cyberspace as a National Asset Act of 2010," or S. 3480. The bill made it past the Homeland Security and Governmental Affairs committee.
A measure authorizing similar presidential power also was removed from another cybersecurity bill, the Cybersecurity Act of 2010, S. 773, sponsored by Sens. John Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine), because of opposition to it.
The controversial authority has been described by pundits as an "Internet kill switch" and widely characterized as giving the president power to pull the plug on the entire Internet. However, Collins -- who co-sponsored the measure last year with Sens. Joseph Lieberman (I-Conn.) and Tom Carper (D-Del.) -- said that characterization is a misnomer.
In a "Myth vs. Reality" fact sheet Collins' and Lieberman's offices published last June when the legislation was first introduced, the senators said that the measure will make it "far less likely" for the president to use the "broad authority" already granted to him by Section 706 of the Communications Act of 1934 to take over communications networks if a "state or threat of war" exists.
A representative from Collins' office cited the fact sheet via email Monday to clarify new reports that have surfaced that an Internet kill switch will once again be on the table. The fact sheet also debunks the idea that the bill will give the president the authority to exercise power over private companies, without Congressional approval, by shutting down the entire Internet.
Instead, according to Collins' office, it allows the president only to identify critical control systems -- i.e., telecommunications networks, the electric grid, financial systems, and the like -- and order emergency measures for them in the event of a catastrophic event at the national or regional level.
Though he would not need congressional approve to take action such as limiting access to critical infrastructure, the president would have to notify them first. Moreover, his authority would be limited to 30-day increments, although Congress could approve an extension to 120 days.
The previous bill also mandated that the president take the "least disruptive means feasible" to respond to a threat, and allows for owners and operators to come up with alternative security measures to respond to a cyber emergency that could replace any ones the president takes.
It's unclear when Congress will get a look at the new bill, which reports say is currently being revised. E.R. Anderson, press secretary for the Committee on Homeland Security and Governmental Affairs, said via e-mail Tuesday that the timing of its reintroduction depends on how Sen. Harry Reid (D-Nev.) "wants to handle the placeholder" for the legislation, the Cyber Security and American Cyber Competitiveness Act of 2011, or S. 21.