A comprehensive cybersecurity bill introduced Tuesday abandons proposals that would give the president emergency powers over the nation's networks.
“The nation responded after 9/11 to improve its security. Now we must respond to this challenge so that a cyber 9/11 attack on America never happens,” said Senate Homeland Security Committee Chairman Joe Lieberman (I-Conn.).
The Obama administration has indicated it already has the authority to intervene in the event of a major attack on the nation's networks, pointing to a little-known provision in the Communications Act passed a month after the Japanese attack on Pearl Harbor in 1941.
Previous versions of comprehensive cybersecurity legislation from the Senate Homeland Security Committee attempted to define and limit that authority, but the sponsors dropped the provision in order to move the legislation forward. The revised legislation also doesn't establish a special White House cybersecurity office, as previous versions did.
“I can’t think of a more urgent issue facing this country. Hackers are stealing information from Fortune 500 companies, breaking into the networks of our government and security agencies and toying with the networks that power our economy,” said Senate Commerce Chairman Jay Rockefeller (D-W.Va.).
"The new frontier in the war against terrorists is being fought online and this bill will level the playing field. We can and will stop cyber criminals from getting the upper hand. This comprehensive legislation is an important step towards securing the Internet from cyber theft.”
The latest version of the legislation is the culmination of three years of work by the various committees of jurisdiction. The legislation encourages information-sharing between government and the private sector and reforms the law governing how federal agencies secure their networks.
More controversial is a provision that would task the Department of Homeland Security with conducting risk assessments of the threat to economic sectors deemed crucial to the nation's physical or economic security. DHS would be in charge of crafting performance requirements, and with deciding which firms in designated sectors would be required to comply.
Several industry groups have expressed concern over the new regulations, arguing cost is the main factor preventing firms from taking further steps to secure their systems. Federal contractors would likely be forced to make significant investments to comply with the new standards.
But cybersecurity experts say the need to establish a baseline is long overdue, and argue that firms are unlikely to comply without some method of enforcement. The penalty for failing to comply with the new standards has yet to be determined, but experts have noted the market incentive for compliance would be considerable.
"Our nation’s vulnerability has already been demonstrated by the daily attempts by nation-states, cyber criminals, and hackers to penetrate our systems. The threat is not just to our national security, but also to our economic well-being," said Homeland Security ranking member Susan CollinsSusan CollinsOvernight Energy: Lawmakers work toward deal on miners’ benefits Schumer: Senate Russia probe moving too slowly Collins: I'm not working with Freedom Caucus chairman on healthcare MORE (R-Maine).
"Our bill is needed to achieve the goal of improving the security of critical cyber systems and protecting our national and economic security.”