Obama kan straks publiek én privaat Internet in USA sluiten

[Cees Binkhorst]

REPLY TO: D66 at nic.surfnet.nl

Voor iedereen die b.v. bij Daddy een website heeft ondergebracht een
vervelende gedachte. Maak je gebruik van Amazon Cloud, dan oppassen voor
regen ;)

Je moet tegenwoordig al opletten of je onderhoudsgarage je auto buiten
parkeert of binnen, nu moet je ook nog op gaan letten waar je gegevens
worden opgeslagen.

Groet / Cees

 Bill would give Obama power to shut down Internet, networks during cyber
attacks Critical infrastructure would be under government control during
crisis
By John Fontana , Network World , 04/02/2009
http://www.networkworld.com/news/2009/040209-obama-cybersecurity-bill.html

Federal legislation introduced in the Senate this week would give
President Obama the power to declare a cybersecurity emergency and then
shut down both public and private networks including Internet traffic
coming to and from compromised systems.

The proposed legislation, introduced April 1, also would give the
President the power to “order the disconnection of any Federal government
or United States critical infrastructure information systems or networks
in the interest of national security.”

Some critics of the bill say that phrase needs to be more clearly defined.

“We are confident that the communication networks and the Internet would
be so designated [as critical infrastructure], so in the interest of
national security the president could order them disconnected.,” said
Leslie Harris, president and CEO at the Center for Democracy and
Technology (CDT), , which promotes democratic values and constitutional
liberties for the digital age.

Harris and the CDT don’t think such sweeping power is good news for
anyone, including private networks that could be shut down by government
order. Those same networks would be subject to government mandated
security standards and technical configurations.
Cybersecurity bill

The bill says the president must have a comprehensive national
cybersecurity strategy in place 12 months after the bill passes.

“This is pretty sweeping legislation,” says Harris. “Seems the President
could turn off the Internet completely or tell someone like Verizon to
limit or block certain traffic,” she said. “There is a lot to worry about
in this bill.”

In addition, an agency appointed by the President would control how and
when systems are restored.

The power could conceivably extend to large service provider networks such
as those run by Google, Microsoft, AOL, Yahoo and others who offer online
services and applications to corporations and consumers.

“We are currently studying this legislation,” said Dan Martin, a spokesman
for Google. “Security has been a priority at Google from the beginning of
the company – we recognize that secure products are instrumental in
maintaining the trust our users place in us.”

Proponents including officials from the Center for Strategic and
International Studies (CSIS) say the legislation is comprehensive and
strong and reflects the need for thorough debate around digital security
that is long overdue.

The bill was introduced by West Virginia Democratic Sen. John Rockefeller,
the chairman of the Senate Committee on Commerce, Science, and
Transportation, and Sen. Olympia Snowe, a Republican from Maine.

Rockefeller said in a statement the bill loosely parallels the
recommendations presented in December to Obama by a CSIS panel. The panel
recommended naming an assistant for cyberspace and a National Security
Council (NSC) director to coordinate government response to cyber threats.

The 51-page Rockefeller/Snowe bill calls for the appointment of a National
Cybersecurity Advisor that reports directly to the President.

“[Rockefeller/Snowe] got input form a lot of sources, including the CSIS
report, so there is more there than we had laid out. It’s a strong bill,”
said Jim Lewis, director and senior fellow in the technology and public
policy program at CSIS.

Related Content

The bill aims at uniting both public and private network operators,
including corporations, in developing regulations for defending computer
systems before and during cyber attacks.

Rockefeller says the legislation addresses the threat to private sector
infrastructure such as banking, utilities, air/rail/auto traffic control,
and telecommunications.

But even Rockefeller said the bill was a starting point and not a finished
product.

“This legislation is the beginning of the process - the objective of this
cybersecurity bill is to start the debate and chairman Rockefeller
welcomes comments from all parties, he is sitting down with stakeholders
already and he welcomes input from all those supportive of the legislation
and those with concerns,” said Jena Longo, deputy communications director
for the U.S. Senate Committee on Commerce, Science & Transportation.

CDT’s Harris said there is likely to be much concern from the private
sector. In CDT’s evaluation of the bill’s language, Harris says “We read
this bill to say it sets a technical standard and one way to do things.”

She says the government could establish standards on how to configure
software and on security configurations that would apply to anything the
President says is critical infrastructure.

“If you are a bank or a communications network and you are critical
infrastructure you have to meet those standards,” says Harris. Such a
mandate, she says, would undermine innovation and weaken security because
all critical infrastructure would be running the same technology that once
compromised would see networks fall like dominoes.

But it is that kind of input, says CSIS Lewis, that the bill is designed
to draw out.

“It takes a broad brush approach,” he says. “It’s got sections on
organization, strategy, education, technology standards, public private
partnership and a little regulatory authority. No previous U.S. effort has
been as comprehensive, and that’s one of the main reasons all our previous
efforts failed. This is a big step forward,” said Lewis.

But he added that all that might add up to the bill never getting passed.
“But it’s good to put people on notice that the standard half-baked or
half-witted solutions won't cut it."

**********
Dit bericht is verzonden via de informele D66 discussielijst (D66 at nic.surfnet.nl).
Aanmelden: stuur een email naar LISTSERV at nic.surfnet.nl met in het tekstveld alleen: SUBSCRIBE D66 uwvoornaam uwachternaam
Afmelden: stuur een email naar LISTSERV at nic.surfnet.nl met in het tekstveld alleen: SIGNOFF D66
Het on-line archief is te vinden op: http://listserv.surfnet.nl/archives/d66.html
**********