Wednesday, April 15, 2009
Cyber police, arrest this man...
Not that it should come as any surprise to learn that Repugnicon Olympia Snowe of ME is on board with Demonrat Jay Rockefeller of WV, but the provisions of S. 773:
To ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications, to provide for the continued development and exploitation of the Internet and intranet communications for such purposes, to provide for the development of a cadre of information technology specialists to improve and maintain effective cyber security defenses against disruption, and for other purposes.
should be of concern to freedom-minded Americans. It looks to be yet another in an ever growing parade of bi-factional ruling coalition bills aimed at ever more centralization of control. As usual, the powers are loosely defined, delegated to the president, aimed at coordinating the security efforts of the various military and security agencies and placed under the administration of an unelected "czar."
The bill as introduced by Snowe, Rockefeller and Sen. Bill Nelson (D) FL can be seen at GovTrack.us. Under
SEC. 17. AUTHENTICATION AND CIVIL LIBERTIES REPORT.
Within 1 year after the date of enactment of this Act, the President, or the President’s designee, shall review, and report to Congress, on the feasibility of an identity management and authentication program, with the appropriate civil liberties and privacy protections, (uh-huh) for government and critical infrastructure information systems and networks.
SEC. 18. CYBERSECURITY RESPONSIBILITIES AND AUTHORITY.
(1) within 1 year after the date of enactment of this Act, shall develop and implement a comprehensive national cybersecurity strategy, which shall include--
(A) a long-term vision of the Nation’s cybersecurity future; and
(B) a plan that encompasses all aspects of national security, including the participation of the private sector, including critical infrastructure operators and managers;
(2) may declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network;
(3) shall designate an agency to be responsible for coordinating the response and restoration of any Federal Government or United States critical infrastructure information system or network affected by a cybersecurity emergency declaration under paragraph (2);
(4) shall, through the appropriate department or agency, review equipment that would be needed after a cybersecurity attack and develop a strategy for the acquisition, storage, and periodic replacement of such equipment;
(5) shall direct the periodic mapping of Federal Government and United States critical infrastructure information systems or networks, and shall develop metrics to measure the effectiveness of the mapping process;
(6) may order the disconnection of any Federal Government or United States critical infrastructure information systems or networks in the interest of national security;
(7) shall, through the Office of Science and Technology Policy, direct an annual review of all Federal cyber technology research and development investments;
(8) may delegate original classification authority to the appropriate Federal official for the purposes of improving the Nation’s cybersecurity posture;
(9) shall, through the appropriate department or agency, promulgate rules for Federal professional responsibilities regarding cybersecurity, and shall provide to the Congress an annual report on Federal agency compliance with those rules;
(10) shall withhold additional compensation, direct corrective action for Federal personnel, or terminate a Federal contract in violation of Federal rules, and shall report any such action to the Congress in an unclassified format within 48 hours after taking any such action; and
(11) shall notify the Congress within 48 hours after providing a cyber-related certification of legality to a United States person.
Just in case you've become glassy eyed at the fairly innocuous language of the bill so far, here are the definitions of terms used in the draft:
In this Act:
(2) CYBER- The term ‘cyber’ means--
(A) any process, program, or protocol relating to the use of the Internet or an intranet, automatic data processing or transmission, or telecommunication via the Internet or an intranet; and
(B) any matter relating to, or involving the use of, computers or computer networks.
Broad enough brush for you?
The term ‘Federal Government and United States critical infrastructure information systems and networks’ includes Federal Government information systems and networks; and State, local, and nongovernmental information systems and networks in the United States designated by the President as critical infrastructure information systems and networks. The term ‘Internet’ has the meaning given that term by section 4(4) of the High-Performance Computing Act of 1991 (15 U.S.C. 5503(4)) and the term ‘network’ has the meaning given that term by section 4(5) of such Act (15 U.S.C. 5503(5)).
15 U.S.C. is a wonderful read. Take plenty of No-Doz. You'll find that network is further defined in section 5512.
Subscribe to Posts [Atom]