White House Cybersecurity
Internet companies and civil liberties groups were alarmed this spring when a U.S. Senate bill proposed handing the White House the power to disconnect private-sector computers from the Internet.
On April 1, 2009, Jay Rockefeller introduced the Cybersecurity Act of 2009 (S.773). Citing the vulnerability of the Internet to cyber-attacks, the bill makes provisions to turn the Department of Commerce into a public-private clearing house to share potential threat information with the owners of large private networks.
It authorizes the Secretary of Commerce to sequester any information he deems necessary, without regard to any law.
It also authorizes the president to declare an undefined “cyber-emergecy” which allows him to shut down any and all traffic to what he considers to be a compromised server.
During the week of May 26, the Obama administration also announced that it would combine the Homeland Security Council (HSC) and the National Security Council (NSC) into a new entity called the National Security Staff (NSS). This is important because HSC previously had a significant cybersecurity portfolio.
While experts agree that cyber-security improvements are necessary, there is disagreement about whether the solution is more government regulation or more private-sector innovation. Many government officials and cyber-security experts believe that the private-sector has failed to solve the cyber-security problem and that regulation is needed.
Richard Clarke states that, “Industry only responds when you threaten regulation. If industry doesn’t respond [to the threat], you have to follow through.” He believes that software companies must be forced to produce more secure programs. Bruce Schneier also supports regulation that encourages software companies to write more secure code through economic incentives.
U. S. Rep. Rick Boucher (D-VA) proposes improving cyber-security by making software companies liable for security flaws in their code. In addition, to improving software security, Clarke believes that certain industries, such as utilities and ISPs, require regulation.
On the other hand, many private-sector executives believe that more regulation will restrict their ability to improve cyber-security. Harris Miller, president of the Information Technology Association of America, believes that regulation inhibits innovation. Rick White, President and CEO of TechNet, also opposes more regulation.
He states that, “The private-sector must continue to be able to innovate and adapt in response to new attack methods in cyber space, and toward that end, we commend President Bush and the Congress for exercising regulatory restraint.” Another reason many private-sector executives oppose regulation is because it is costly. Firms are just as concerned about regulation reducing profits as they are about regulation limiting their flexibility to solve the cyber-security problem efficiently.