Lawmakers frustrated by Internet "kill switch" reports

Lawmakers seeking to craft a comprehensive cybersecurity bill are growing increasingly frustrated with characterizations of their legislative efforts as providing the president with a "kill switch" for the Internet.

The Senate Homeland Security Committee approved a comprehensive cybersecurity bill in June, only to have it repeatedly criticized in the media as providing the president with the authority to shut down portions of the Internet in the event of an emergency. At the time, Sen. Susan Collins (R-Maine), one of the bill's sponsors, said she was frustrated by what she views as a mischaracterization of the bill.

At the heart of the issue is whether the president already has the authority to intervene in private-sector networks in the event of such an emergency. Collins and other supporters of the bill contend the president has had that authority for some time under a little-known provision of the Communications Act passed one month after the December 1941 Japanese attack on Pearl Harbor. 

"The president's had that authority for a while," said a senior Senate aide, who asked not to be identified. The aide said the "kill switch" is a misnomer because the infrastructure that supports the Internet in the U.S. makes it impossible to take down the entire network from one location. But the aide said the storyline has picked up steam because it's very difficult for the public to conceptualize the severity of the cyber-threats facing the United States.

Department of Homeland Security (DHS) Under Secretary Philip Reitinger's testimony from earlier this year indicates the administration also believes it already has the authority to intervene in private-sector networks. 

The Homeland Security bill would actually limit the president's ability to intervene to protect private-sector networks, giving the office that power only in the case of events that could cause either billions of dollars in damage or significant loss of life.

Another factor complicating the push for cybersecurity legislation is the long-standing turf battle over who should be in charge of protecting private-sector networks. The aide argued DHS is the natural choice because of its role coordinating the nation's physical security. The aide also noted that if intelligence agencies are placed in charge of civilian cybersecurity, much of the data on threats would stay highly classified.

However, members of the Senate Commerce Committee have argued for a more hands-off approach involving recommendations from the National Institute of Standards and Technology. Both sides have also clashed over the regulatory mechanism that would enforce any cybersecurity requirements imposed by the government.

Republicans have argued the military and intelligence community should be left in charge of cybersecurity, with Sen. John McCain (R-Ariz.) a particularly vocal critic of giving DHS the additional responsibility.

Because of the contentious nature of the debate, it's likely aspects of the legislation will be broken up and incorporated into spending bills and other legislation by Senate Majority Leader Harry Reid (D-Nev.). 

Reid is already in possession of a set of principles and legislative language agreed upon by lawmakers, which address many of the reforms that have been widely agreed upon but fail to resolve the issue of who should be put in charge of civilian cybersecurity.