The Senate Commerce Chairman John (Jay) Rockefeller and Sen. Olympia Snowe, R-Maine, introduced legislation today that would require a presidentially appointed cybersecurity advisory panel to ensure that national security would not be compromised before approving the renewal or modification of the contract between the U.S. government and the Internet Corporation for Assigned Names and Numbers or ICANN.
The bill calls for federal government to maintain greater control of the ICANN and are intended to give the federal government tighter control over the Internet’s domain registration.
The Rockefeller-Snowe bill, would create a White House cyber-czar position to oversee such work across the federal government. That official would have the authority to shut down government and private computer networks in the event of a high-tech attack.
The bill also instructs the Commerce Department to set up a real-time IT monitoring program that could be a test bed for other departments. It would require measureable and auditable cybersecurity standards for all federal agencies, contractors or grantees that work with critical infrastructure and IT systems.
The national cybersecurity adviser would be the top official on every issue related to cybersecurity and would coordinate efforts with the intelligence community and other agencies. The official would have sweeping powers reaching across the federal IT infrastructure, including the power to completely disconnect federal networks that control the nation’s critical infrastructure if they’re found to have vulnerabilities.
It is interesting to note that the term “critical infrastructure” aren’t defined in the bill, and the Center for Democracy and Technology (CDT) President Leslie Harris argues the new regulations could cover not just water distribution, the power grid and banks, but also telecommunications, Internet service providers and even Internet application companies like Google and Microsoft.
She points to a provision in the bill designed to facilitate sharing of information between the government and private companies, giving the U.S. Department of Commerce seemingly unadulterated power to monitor companies’ networks
Referring to “federal government and private-sector owned critical information systems and networks,” the bill stipulates, “the Secretary of Commerce shall have access to all relevant data concerning such networks without regard to any provision of law, regulation, rule or policy restricting such access.”
Katie Martin, director of the Center for National Security Studies, calls that paragraph “troubling” and “ambiguous.” “Although it’s not clear, it seems to override all privacy protections that cover citizens’ activities on the Internet,” she says.
Martin points out that another section calls for a review of federal privacy laws, seemingly with the goal of revamping those decades-old pieces of legislation to make them more relevant to protecting users’ privacy on the Internet. “The bill appears to give the Secretary of Commerce the ability to access personal identifiable information about Americans,” she says. “But this review of privacy laws means that it may not have meant to do that.”
I hope they actually decide to talk to ICANN when considering this bill. After a ten minute conversation they will realize that this private company is the biggest risk to national security – ever.
I second that Ed.