This bill must be stopped.
The CyberSecurity Bill that the current administration is pushing for passage threatens a thriving, free speech and free press world of communication that all American citizens enjoy: the Internet. It is a farce to think that most Americans will trust the government to effectively and efficiently manage an emergency involving the Cyber Infrastructure of this country. The bill being proposed is nothing more than an excuse for the government to continue feeding its power-hungry appetite.
Certain key and bold sections of the CyberSecurity bill (S 773) text from OpenCongress.org are below for you to review along with the my opinion on the statements.
Under SEC. 14. PUBLIC-PRIVATE CLEARINGHOUSE
(a) DESIGNATION- The Department of Commerce shall serve as the clearinghouse of cybersecurity threat and vulnerability information to Federal Government and private sector owned critical infrastructure information systems and networks.
(b) FUNCTIONS- The Secretary of Commerce–
(1) shall have access to all relevant data concerning such networks without regard to any provision of law, regulation, rule, or policy restricting such access;
(2) shall manage the sharing of Federal Government and other critical infrastructure threat and vulnerability information between the Federal Government and the persons primarily responsible for the operation and maintenance of the networks concerned; and
(3) shall report regularly to the Congress on threat information held by the Federal Government that is not shared with the persons primarily responsible for the operation and maintenance of the networks concerned”
–Very scary if you ask me in regard to this section. I’m no lawyer, but the Commerce department (which I remind you is under DIRECT control of the President) according to this bill shall have complete ownership of whatever data they feel is “relevant” for their cybersecurity reporting both private sector and public sector. This means that anything on the Internet as well as other private networks is fair game for the federal government to read and keep however long as they see fit. Sounds no different than having the Nazis reading your telegrams before being delivered in the late 1930′s and early 1940′s Germany! Let’s keep reading folks…
AUTHENTICATION AND CIVIL LIBERTIES REPORT.
“Within 1 year after the date of enactment of this Act, the President, or the President’s designee, shall review, and report to Congress, on the feasibility of an identity management and authentication program, with the appropriate civil liberties and privacy protections, for government and critical infrastructure information systems and networks.”
–Let’s see here….appropriate civil liberties and privacy protections are managed by a WHITE HOUSE-ran identity and authentication program for critical networks. Obama and the Democrats will graciously provide a non-politically motivated umbrella of security! Haha yeah right! One paragraph on civil liberty and privacy protection? No details on what’s protected and what is private information. All these must be spelled out or the Commerce department will make that decision themselves. That is not what we want folks. Very dangerous.
Under SEC. 18. CYBERSECURITY RESPONSIBILITIES AND AUTHORITY
CYBERSECURITY RESPONSIBILITIES AND AUTHORITY.
(1) within 1 year after the date of enactment of this Act, shall develop and implement a comprehensive national cybersecurity strategy, which shall include–
(A) a long-term vision of the Nation’s cybersecurity future; and
(B) a plan that encompasses all aspects of national security, including the participation of the private sector, including critical infrastructure operators and managers;
(2) may declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network
(3) shall designate an agency to be responsible for coordinating the response and restoration of any Federal Government or United States critical infrastructure information system or network affected by a cybersecurity emergency declaration under paragraph (2);
(4) shall, through the appropriate department or agency, review equipment that would be needed after a cybersecurity attack and develop a strategy for the acquisition, storage, and periodic replacement of such equipment;
(5) shall direct the periodic mapping of Federal Government and United States critical infrastructure information systems or networks, and shall develop metrics to measure the effectiveness of the mapping process;
(6) may order the disconnection of any Federal Government or United States critical infrastructure information systems or networks in the interest of national security
FEDERAL GOVERNMENT AND UNITED STATES CRITICAL INFRASTRUCTURE INFORMATION SYSTEMS AND NETWORKS- The term ‘Federal Government and United States critical infrastructure information systems and networks’ includes–
(A) Federal Government information systems and networks; and
(B) State, local, and nongovernmental information systems and networks in the United States designated by the President as critical infrastructure information systems and networks”
As The Lonely Conservative put it – Did you notice the singular noun at the top? THE PRESIDENT shall have all the above power described in the bill. The Executive Branch has no business in having the unilateral authority to shut down any PRIVATE network just because they think there is an attack or threat. Do you know how many attacks and threats are thwarted every day by companies and cyber security professionals? Too many to count, that’s how many. However, the government thinks the best option is to “temporarily” shut it down. They are politicians not IT professionals!! They don’t know jack about technology! According to the bill proposed, the only way something is considered a “critical infrastructure information system” is determined SOLELY by the President or his designee?? Hummm, I wonder what that might lead to? Maybe only certain “news” outlets are considered a “critical” infrastructure? Or maybe certain UNION dominated industries should be “critically” protected? Do we who work in the free enterprise industry of IT as well as all Americans want to have our government determining what is critical or not? It’s a joke to think they can do that.
h/t The Lonely Conservative