New bipartisan bill would give president power to step in and stop 'cyber 9/11'

A bipartisan cybersecurity bill introduced Thursday would give the president new authority to declare a national "cyber emergency" and take steps to protect critical assets during an attack.

"We cannot afford to wait for a 'cyber 9/11' before our government finally realizes the importance of protecting our digital resources, limiting our vulnerabilities and mitigating the consequences of penetrations of our networks," Sen. Susan CollinsSusan Margaret CollinsTransit funding, broadband holding up infrastructure deal The Hill's Morning Report - Infrastructure vote fails; partisan feud erupts over Jan. 6 panel Senate falling behind on infrastructure MORE (R-Maine) said in a floor statement introducing the bill with Sens. Joe Lieberman (I-Conn.) and Thomas Carper (D-Del.).

The Protecting Cyberspace as a National Asset Act would move the operational center for civilian cybersecurity from the White House to the Department of Homeland Security (DHS) and establish a permanent Office of Cyberspace Policy within the White House with a Senate-confirmed presidential appointee in charge. That individual would have an advisory rather than an operational role.

Under the bill, DHS's new National Center for Cybersecurity and Communications (NCCC) would be responsible for protecting against - and responding to - attacks on federal civilian networks as well as any private-sector assets deemed critical, a job that currently resides in the White House. That authority is now limited to private networks whose suspension would result in deaths or massive property damage, according to a Senate aide.

The NCCC director would have operational authority over civilian networks, similar to the position occupied by Gen. Keith Alexander, head of the National Security Agency and commander of the new U.S. Cyber Command. The director would be appointed by the president, confirmed by the Senate and report directly to the secretary of Homeland Security.

The bill also would allow the president to declare a national cyberemergency. After notifying Congress, he could order immediate measures be taken to safeguard any critical assets.

The lawmakers argued the emergency measures are part of a "reasonable framework," as they would expire after 30 days. But the bill would allow the president or NCCC director to extend them simply by saying in writing that a threat still exists.

Privacy advocates are likely to raise concerns about the emergency provisions; the decision to house operational security at DHS will also likely meet with opposition. Critics point to Alexander’s role as proof the intelligence community already has too much influence over cybersecurity.

Other measures in the bill include a sweeping overhaul of the Federal Information Security Management Act based on previous legislation introduced by Carper.