Cybersecurity Legislation and a License to Kill [Switch]
Over the past few weeks, we’ve been closely following new cybersecurity legislation introduced by Sens. Lieberman, Collins and Carper, a 197-page bill that, among other things, would provide the President with the emergency authority to shut down the nation’s Internet connectivity in the event of a major cyber attack on the United States.
Deemed an Internet “kill switch,” the bill’s suggested presidential power has made its way into the limelight as government types, tech execs, privacy wonks and the media alike are all debating the idea of a cyber shutdown and whether or not some sort of ‘blockading button’ could actually exist to carry out the kill.
CNET reports that “Industry and civil liberties groups have worried about the ability to shut down parts of the Internet and raised concerns about ‘the potential for absolute power.’”
According to the Huffington Post, other groups, such as the leading technology trade association, TechAmerica, are also criticizing the bill, warning of the possible power trip and “expressing reservations about the ‘unintended consequences’ that would result from the legislation’s regulatory approach.”
Meanwhile, an article in Time magazine reports that “Other countries are also decrying the bill, fearing the impact on their own security if the US were to shut down essential parts of the Internet.”
Keeping other countries in mind, let’s rewind to July 4, 2009. Independence Day in the United States…
North Korea’s leader, Kim Jong-il, had just appointed his Number Three Son, Kim Jong-un to be his successor. And – in what is believed to be the country’s attempt to prove to the world that Jong-un’s power paraelleled his father’s – North Korea launched a series of Distributed Denial of Service (DDOS) cyber attacks on US and South Korean government and corporate websites.
Richard Clarke, cybersecurity guru and former counter-terrorism expert under Bush Senior and Bill Clinton, details the July 4 DDOS attacks in his new book “Cyber War: The Next Threat to National Security and What to Do About It.”
According to Clarke, the July 4 cyber attacks shuttered the websites of: The US Treasury, Secret Service, Department of Transportation, FTC, NASDAQ, the New York Stock Exchange sites and website for The Washington Post.
Not surprising, one of the only sites not hit by the attack was that of the White House, which, citing what-if scenarios like this one, has over 20,000 Internet servers scattered across the globe.
In getting back to the idea of the “kill switch,” with reference to the July 4 DDOS attacks, two questions come to mind:
With a 20K server-span stretching around the world, would the President actually be able to deter an attack by shutting down the nation’s Internet with the flip of a switch? And if so – still referencing the idea of 20,000+ global servers hosting the White House site – how could the “kill switch” not have a direct impact on other countries on the Web?
Regardless, it appears there are many questions left to be answered…
Asked yesterday by Candy Crowley on CNN’s “State of the Union” whether he was trying to “seize control or shut down portions of the Internet,” Sen. Lieberman replied “no way, and total misinformation,” adding that “the government should never take over the Internet.”
Yet moments later, citing China’s Internet censorship, the senator advised, “Right now, China can disconnect parts of its Internet in times of war. We need to be able to do that too.”