Lieberman Bill Gives Feds ‘Emergency’ Powers to Secure Civilian Nets
-
By Noah Shachtman
- June 2, 2010 |
- 2:07 pm |
- Categories: Crime and Homeland Security
Joe Lieberman wants to give the federal government the power to take over civilian networks’ security, if there’s an “imminent cyber threat.” It’s part of a draft bill, co-sponsored by Senators Lieberman and Susan Collins, that provides the Department of Homeland Security broad authority to ensure that “critical infrastructure” stays up and running in the face of a looming hack attack.
The government’s role in protecting private firms’ networks is one of the most contentious topics in information security today. Several bills are circulating on Capitol Hill on how to keep power and transportation and financial firms running in the event of a so-called “cybersecurity emergency.”
Last week, Deputy Defense Secretary William Lynn floated the idea of extending a controversial cybersurveillance program to hacker-proof the firms. Meanwhile, the military’s new Cyber Command is readying itself to march to these companies’ aid.
Lieberman and Collins’ solution is one of the more far-reaching proposals. In the Senators’ draft bill, “the President may issue a declaration of an imminent cyber threat to covered critical infrastructure.” Once such a declaration is made, the director of a DHS National Center for Cybersecurity and Communications is supposed to “develop and coordinate emergency measures or actions necessary to preserve the reliable operation, and mitigate or remediate the consequences of the potential disruption, of covered critical infrastructure.”
“The owner or operator of covered critical infrastructure shall comply with any emergency measure or action developed by the Director,” the bill adds.
These emergency measures are supposed to remain in place for no more than 30 days. But they can be extended indefinitely, a month at a time.
The DHS cybersecurity director has to ensure that the emergency measures “represent the least disruptive means feasible” and that “the privacy and civil liberties of United States persons are protected,” according to the bill. It also allows the private firms to handle network threats on their own — if DHS approves of the measures.
Senate staffers familiar with the bill acknowledge that it grants broad powers over private businesses; the staffers couldn’t think of an analog in the physical world, except for the Federal Aviation Administration’s authority to ground air traffic after 9/11. But the staffers say that the emergency powers will only apply to a relatively small number of companies, and only in the most extreme cases — when an electronic exploit might cause “catastrophic regional or national damage” resulting in “thousands of lives or billions of dollars” lost.
In order for the President to declare such an emergency, there would have to be knowledge both of a massive network flaw — and information that someone was about to leverage that hole to do massive harm. For example, the recent “Aurora” hack to steal source code from Google, Adobe and other companies wouldn’t have qualified, one Senate staffer noted: “It’d have to be Aurora 2, plus the intel that country X is going to take us down using that vulnerability.”
A second staffer suggested that evidence of hackers looking to leverage something like the massive Conficker worm — which infected millions of machines and was seemingly poised in April 2009 to unleash something nefarious — might trigger the bill’s emergency provisions. “You could argue there’s some threat information built in there,” the staffer said.
The Lieberman/Collins bill is hardly the the most extreme cybersecurity proposal that’s circulated on Capitol Hill in recent years. That dubious distinction belongs to a bill from Senators Jay Rockefeller and Olympia Snowe that empowered the feds to “order the disconnection of any Federal Government or United States critical infrastructure information systems or networks in the interest of national security.” That provision was neutered after a public outcry. Now, it calls on the U.S. government to “develop and rehearse detailed response and restoration plans” in the event of a major network threat.
[Photo: DHS]
See Also:
- Vowing to Prevent ‘Cyber Katrina,’ Senators Propose Cyber Czar
- Report: Critical Infrastructures Under Constant Cyberattack Globally
- Brazilian Blackout Traced to Sooty Insulators, Not Hackers
- Cyber Command: We Don’t Wanna Defend the Internet (We Just Might Have To)
- Prospective U.S. Cyber Commander Talks Terms of Digital Warfare
- U.S. Cyber Command: 404 Error, Mission Not (Yet) Found
The last line regarding the Rockefeller/Snowe bill is from the text as submitted in April of last year. Since then, the language has been drastically neutered. You can find the draft ammendment here (Section 201 for comparison – Cybersecurity responsibilities and authorities): http://commerce.senate.gov/public/?a=Files.Serve&File_id=29daa3d9-291e-46ce-aba9-f2348f4c0d0d
This sounds like a great idea for two reasons: 1) we don’t have enough of the federal government in our lives and this sounds like an awesome way to get them more involved; and 2) the gov’t has such a fantastic record of stepping into catastrophes/disasters and getting things back on track. I applaud this use of taxpayer money that, while unlikely to prove effective when we most need it, will probably bring about some much needed intrusion into citizens’ personal lives while entrusting future calamities to those least able to fix them.
Joseph Lieberman is a terrorist pure and simple. He should have his citizenship stripped and be locked in Guantanamo for the remainder of this life, in solitary confinement, with no access to legal representation . If he were to visit our state, I would do my best to see that this happens.
This is just begging for the opportunity to abuse it.
Time to come up with an open-source, distributed alternative to the internet.
that’s what the internet *was*
@paxam You’re right; my bad. I’ve updated and corrected the post.
We have been in a ’state of emergency’ for 40 years now.. So now the government can trump up an emergency and control net access.. one more stake in the heart of the constitution
Having been a small rural ISP since 1995, I’ll be the first to stand on the soap box & point out quite simply:
.
By the time *any* Govt. authority reacts to something that occurs at nearly the speed of light, it’ll all be over & we’ll be trashed.
.
Stepping down from soapbox and back to work.
Since the internet is really just a series of pipes why not just hire several thousand federal plumbers to go around turning off the internet valves?
The sponsors of this bill should be prosecuted for wasting paper.
Well, the government did such a great job in Louisiana with Katrina and the BP spill that it’s only logical they’ll do an equally bang-up job with cybersecurity.
NO. NO. NO. Right now, when there is a big “hack attack” as it is phrased, companies have a great motivation for fixing things and getting them back on track. It is called “enlightened self-interest”. It is in their self-interest to fix things and help their neighbors fix things so that commerce can resume quickly. Besides, what will happen when the definition of “emergency” becomes “when citizens say things that don’t agree with my agenda”. Kind of like how the definition of “Terrorist” went from “Person who uses fear to accomplish a political or ideological goal” to “anyone the government or media wants to blacklist”
@seerwright
Great post and I agree 100 percent. Reminds me of this quote: “What are the nine scariest words in the English language? I’m from the government and I’m here to help.” – Ronald Reagan.
@ImmortalSoFar
a combination of sneakernet and packet radio, to begin with.
It won’t be too long until Google, dominates the very foundation of security We, netizens are clinging to.
Disgusting!! Thank you my fellow Connecticut citizens for voting in this douchebag again. Bills to strip U.S. citizens of their citizenship by executive decree, bills to takeover the internet, Lieberman is a real piece of work. The man is not fit to serve in the senate.
.
Wake up America. The internet is the single greatest communications tool ever invented by humankind. Now the elite in business and in government who have had a monopoly on the distribution of information are trying to put the genie (the internet) back in the bottle.
.
All these bills have the main aim of getting the foot in the door to eventually shut down the internet, cut off free speech, stop distribution of articles for reasons of National Security, prevent information the elite doesn’t want out there from getting out, etc, all on the whims of the executive branch.
.
Make no mistake, that is exactly what these bills are about, taking your ability to communicate with the world, for next to no money, away from you.
.
The DoD has an intranet spanning the whole country for classified communications. It is physically isolated from the internet and not accessible through the internet. There is no reason this can’t be done for infrastructure like traffic systems or power systems or atms.
.
Policing the whole internet and giving the government the power to take it over has nothing to do with protecting infrastructure. It is a lie, like the lie of Gulf of Tonkin, the lie of Iraqi WMD.
Something tells me we’re going to have a pre-election day scare that activates this and continues to be a perpetual state of emergency…
“imminent cyber threat” doesn’t even MEAN anything, but sure, let’s give them carte blanche!
These tools that make or create laws only know what some people tell them. I work with these C level public servants and they don’t even know how to unlock their blackberry. THESE are the people making decisions for us.
hrrmpf
@ technophile
.
You are probably right, Lieberman is probably just a tool doing what people tell him but who is doing the telling? Same goes for Rockefeller’s bill, if he didn’t come up with it, who was doing the telling?
.
It is likely that the Patriot Act came out of the Continuity of Government program that almost no one in Congress is briefed on and in the declaration of a National Emergency would suspend the Constitution, declare martial law, and dissolve the Congress putting the Executive branch in charge with regions of the country controlled by regional military governors.
.
If Lieberman and Rockefeller aren’t coming up with this legislation on their own then I would bet it is coming from the cabal in CoG.
@ technophile
.
You may be right, Lieberman might just be a tool doing what he is told. If so then the question is who is doing the telling. The same goes for Rockefeller and his bill.
.
The Patriot Act introduced after 9/11 likely came out of the Continuity of Government program, a program almost no one in Congress is briefed on. This program has procedures in place to suspend the Constitution, declare martial law, dissolve the Congress and put regional military governors in control of different territories of the U.S. if the President declares a National Emergency.
.
If Lieberman and Rockefeller aren’t coming up with these internet takeover bills on their own then my bet is they are coming out of the cabal running CoG.
Bills become law in this country for one of two reasons:
a) They ride on the coattails of mass hysteria (e.g., Patriot Act); or
b) Somebody with money stands to keep making money (e.g., DCMA).
Okay, I admit there may be exceptions, but Lieberman doesn’t really seem to have the system figured out.
I predict this bill is DOA without amendment. Unless there’s a major “critical infrastructure” incident before this comes up for a vote, we need some kind of pithy, short-sighted, corporate greed angle to get this puppy passed.
Now let’s hear some ideas, people!
We don’t have Government in the US, there is a closed shop administration and gang laws to control illegitimate businesses?
And posed as a question, for a statement would be probably considered too offensive and lead to a mindless attack with ill considered words.
Oh….please please please take over control of our private companies upon the declaration of 1 man. Cant see any corruption coming out of this, none. And the good it can do? Shouldnt it be up to those companies to, in a sense, defend themselves?
Surely the government can think of another way to “protect” its citizens and companies from the so called hack attack…..WITHOUT having to take over company networks. Slowly but surely, giving our freedoms away.
@seerwright- good point. I imagine it would go like this. If left alone, the private companies could get the networks running again in a day. If the government was handling it, probably like 3 months.