Kill switch quandry: should president have power to turn off Internet
Posted on | July 26, 2010 | add a comment
Last year Senators Jay Rockefeller and Olympia Snowe stirred up a bi-partisan ruckus by proposing to give the U.S. president the authority to shut down all or portions of the Internet in the event of an emergency. The so-called Internet “kill switch” may — or may not — be part of the currently proposed Lieberman-Collins Protecting Cyberspace as a National Asset Act, depending on who you talk to. In this guest LastWatchdog guest blog post, Patricia Titus, Chief Information Security Officer, Unisys Federal, sorts through this tempest in a teapot.
By Patricia Titus
The 2009 proposed bill, introduced by Sen. John Rockefeller (D-W. Va.) and Sen. Olympia Snowe (R-Maine), clearly called for a Presidential internet kill switch and spawned visuals of President Obama sitting in the Oval Office with his hand hovering over an “easy button.â€
Several industry groups spent countless hours debating the language of that earlier bill and its implications, offering guidance to the members and staffers writing the legislation. In response to this, Sen. Joseph Lieberman (ID-CT) softened the language in his bill and added good clarifying terms. In my estimation, there is currently no language that would suggest an “internet kill switch†is being placed in the hands of the President. Rather the language allows decision making within the executive branch to protect our national interests and critical infrastructure, and achieve this through consensus.
The Lieberman bill highlights the need for a public/private partnership to help set policy to define what constitutes a cyber attack. This is where many of us are skeptical. For years we’ve been hearing the term “public/private partnership†or “P-cubed.†We’ve already seen several examples of failed P-cubed. Without this critical governance partnership, the job of successfully negotiating these policies will surely fail. Lack of a cohesive plan could be catastrophic for the country. Imagine if a portion of critical infrastructure were taken off the internet, resulting in an interruption of international trade communications. Economic stability could be placed at risk, and the cascading effect could have far reaching implications for years to come.
Organizations that own our critical infrastructure must be held accountable to immediately determine which stakeholders from both the public and private sector need to participate in negotiations. Representatives from every relevant sector of government and industry should participate in comprehensive discussions to determine appropriate actions to be taken by the President and to provide guidance. Perhaps involvement from think tanks would add great value.
Also, we cannot allow the international community to be cut out of this discussion; there could be great implications for them as well.
As always, the devil is in the details. But without participation by both the government and the private sector, this legislation will surely fail. We currently have a surfeit of cyber security legislation, yet we seem to lack the ability to make much of it stick. With the pending recess and elections, it’s possible all this work will lead to nothing. Our country will remain at risk while our new legislators come up to speed.