Wednesday, April 15, 2009

Cybersecurity Act of 2009

The 1 April 2009 Senate Bill S.773 is no joke, though much of might fit that label. The so-called Cybersecurity Act of 2009, sponsored by Sen. John Rockefeller [D, WV] and co-sponsored by Sen. Evan Bayh [D, IN], Sen. Bill Nelson [D, FL] and Sen. Olympia Snowe [R, ME] is designed to:

To ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications, to provide for the continued development and exploitation of the Internet and intranet communications for such purposes, to provide for the development of a cadre of information technology specialists to improve and maintain effective cyber security defenses against disruption, and for other purposes.

Whereas having a national cybersecurity program is merited, one must be careful in how much control to give the federal government. It is one thing for it to put restrictions on the what, when, why and how of federal agency security, it is another when it starts mandating what states, local governments and private businesses must do.

The bill will give the federal government (the President) the power to “order the disconnection of any Federal government or United States critical infrastructure information systems or networks in the interest of national security.” They shut down air traffic in the country in 2003 for a few days after 9/11; this would be similar.

How much power and control would it allocate to the major ISPs? How will the states fund the requirements? Will the business requirements and costs be overbearing for businesses? The federal government did it with Sarbanes-Oxley; this smells similar.

This is one to watch closely. Because it is sponsored by Democrats (Snowe is closer to a Democrat than a Republican), most of their bills look plausible at first glance but are binding and liberty-restricting when the details are examined.

No comments: