Senate Legislation Would
Federalize Cybersecurity
Rules for
Private Networks Also Proposed
By Joby
Warrick and Walter Pincus
Washington Post
Wednesday, April 1, 2009
Dating back two decades ago we saw and wrote about the internet
becoming a national security issue not just because of government and military
use, but that ecommerce would become a critical part of GDP and any shutdown
and attacks online would disrupt and put at risk the economy of any or all
nations that would become dependant on that technology. We foresee that the openness of the internet as
an extraordinary tool to preach the gospel to be able to teach the words and
commandments of Jesus Christ to be able to reach beyond all boarders, lands and
peoples despite their laws against all such preaching and teaching will come to
an end as US government regulation, and restrictive freedom of speech laws in
Canada, the EU and UN law all converge not to far in the distant future. As the powers of darkness
continue to grow and expand and the war against the Church, Christianity, and the
Bible become fully unveiled in the EU and US.
Key lawmakers
are pushing to dramatically escalate U.S. defenses against cyberattacks,
crafting proposals that would empower the government to set and enforce
security standards for private industry for the first time.
The
proposals, in Senate legislation that could be introduced as early as today,
would broaden the focus of the government's cybersecurity
efforts to include not only military networks but also private systems that
control essentials such as electricity and water distribution. At the same
time, the bill would add regulatory teeth to ensure industry compliance with
the rules, congressional officials familiar with the plan said yesterday. (Eventually to be controlled
by a BATF paramilitary style agency)
Addressing what intelligence officials describe as
a gaping vulnerability, the legislation also calls for the appointment of a White
House cybersecurity "czar" with unprecedented
authority to shut down computer networks, including private ones, if
a cyberattack is underway, the officials said.
How industry groups will respond is unclear. Jim Dempsey, vice president for
public policy at the Center for Democracy and Technology, which represents
private companies and civil liberties advocates, said that mandatory standards
have long been the "third rail of cybersecurity
policy." Dempsey said regulation could also stifle creativity by forcing
companies to adopt a uniform approach.
The legislation, co-sponsored by Senate Commerce Committee Chairman John D.
Rockefeller IV (D-W.Va.) and Sen. Olympia J. Snowe (R-Maine), was drafted with White House input.
Although the White House indicated it supported some key concepts of the bill,
there has been no official endorsement.
Many of the proposals were based on recommendations of a landmark study last
year by the Center for Strategic and International Studies.
Currently, government responsibility for cybersecurity
is split: The Pentagon and the National Security Agency safeguard military
networks, while the Department of Homeland Security provides assistance to
private networks. Previous cybersecurity initiatives
have largely concentrated on reducing the vulnerability of government and military
computers to hackers.
A 60-day federal review of the nation's defenses against computer-based
attacks is underway, and the administration has signaled its intention to
incorporate private industry into those defenses in an unprecedented way.
"People say this is a military or intelligence concern, but it's a lot
more than that," Rockefeller, a former intelligence committee chairman,
said in an interview. "It suddenly gets into the realm of traffic lights
and rail networks and water and electricity."
U.S.
intelligence officials have warned that a sustained attack on private computer
networks could cause widespread social and economic havoc, possibly shutting
down or compromising systems used by banks, utilities, transportation companies
and others.
The Rockefeller-Snowe measure would create the
Office of the National Cybersecurity Adviser, whose
leader would report directly to the president and would coordinate defense
efforts across government agencies. It would require the National Institute of
Standards and Technology to establish "measurable and auditable cybersecurity standards" that would apply to private
companies as well as the government. It also would require licensing and
certification of cybersecurity professionals.
The proposal would also mandate an ongoing, quadrennial review of the nation's cyberdefenses. "It's not a problem that
will ever be completely solved," Rockefeller said. "You have to keep
making higher walls."
Last week, Director of National Intelligence Dennis C. Blair told reporters
that one agency should oversee cybersecurity for
government and for the private sector. He added that the NSA should be central
to the effort.
"The taxpayers of this country have spent enormous sums developing a
world-class capability at the National Security Agency on cyber," he said.
Blair acknowledged there will be privacy concerns about centralizing cybersecurity, and he said the program should be designed
in a way that gives Americans confidence that it is "not being used to
gather private information."