In what is really the first leg of an odyssey that Congress has embarked upon to tackle the Internet and the cybersecurity issues it presents, the Senate Committee on Homeland Security & Governmental Affairs on Friday approved S.3480, the Protecting Cyberspace as a National Asset Act of 2010 (PCNAA).
Let's keep it real. Most people will not have any idea what this bill is all about until I refer to it as the "Internet Kill Switch" bill. Images of President Obama with his index finger hovering over a big red button with the word "Internet" written upon it immediately came to mind.
A breakdown of what the PCNAA actually includes does not necessarily reveal a brand new power given to the President to "shut it all down" when it comes to the Internet and a cybersecurity threat. What it does reveal is another bureaucratic mess. The bill establishes, amongst other provisions, a White House Office for Cyberspace Policy and a National Center for Cybersecurity and Communications. Analogies have been made to the same type of authority and response mechanisms that are currently associated with FEMA. FEMA and its record with current disaster response is the exact reason why people are afraid of forming an agency or body to deal with a cyber attack: it will be constructed upon bureaucratic models that have failed to operate effectively in the past.
While the bill seems to advocate a cross-sectoral approach to tackling cybersecurity threats, it certainly does not borrow from private sector best practices when establishing the framework for what is supposed to be a response to potential "cyber warfare."
An open question is why the President's authority is even a component of this legislation. In the face of a physical threat in the "real world" to our national security that has or could cause loss of life, or is of the grave nature described by the proponents of PCNAA, the President would go to the Senate for authorization to take action, like perhaps declare "cyber war" on the perpetrator of the attack. While operationally the bill and preexisting Constitutional checks and balances may have the same outcome, it does not allay a citizen's Constitutional comfort of knowing checks and balances are in place to consider acts of war on a case-by-case basis before an action is taken that could affect many Americans.
Criticism of the bill is not meant to downplay the threats that both American businesses and the government face in terms of cybersecurity. The bill is likely to launch a necessary Congressional odyssey of how to deal with the reality of cyber attacks that could compromise our national infrastructure. As with any odyssey, it will be the journey that will be most important in arriving at national security mechanisms that best protect this country and something else that still remains important, its Constitutional values.