Here’s a development coming out of Washington that web masters and information technology professionals need to know about.
Sen. Jay Rockefeller (D-WV) introduced the Cybersecurity Act of 2009 to the dismay of Internet companies and civil liberties groups. CNET News has obtained a revised version of the bill, S. 773, only to learn that it grants far-reaching powers to the executive branch to seize temporary control of private sector networks during a cybersecurity crisis.
This new law would allow the president to declare a “cybersecurity emergency” relating to “non-governmental” networks and do whatever is necessary to respond to the threat. If passed, the new law would also create a federal certification program for “cybersecurity professionals” – certain private sector IT managers will be required to obtain this new license.
“I think the redraft, while improved, remains troubling due to its vagueness. It is unclear what authority Sen. Rockefeller thinks is necessary over the private sector. Unless this is clarified, we cannot properly analyze, let alone support the bill,” states Larry Clinton, president of the Internet Security Alliance.
A Senate source familiar with the bill compared this new authority to when former President Bush (43) grounded all aircraft in the midst of the 9/11 terror attacks.
The new law would also require all federal agencies create a “cybersecurity workforce plan” and implement a “comprehensive national cybersecurity strategy” within 6 months. However, it will take almost a year to complete the legal review.
The most controversial part of the bill is found in section 201 which permits the President to “direct the national response to the cyber threat” for “the national defense and security.” The administration will be required to conduct “periodic mapping” of critical private networks and companies “shall share” requested information with the federal government.
The bill does not detail what a “critical” network is however and that is why there is much concern about this legislation among IT professionals and civil liberties interests. The bill does define the term “Cyber” as anything to do with the Internet, telecommunications, computers or computer networks – a very broad definition indeed.
Read this article from CNET News to learn more. We will monitor the progress of this legislation and post updates to the information technology blog.