Last month, I wrote about the Rockefeller-Snowe Cybersecurity Act of 2009 (Senate Bill 773) cybersecurity bill, which is a government regulation intended to protect us from the evils lurking on the Internet. But equally powerful -- and scary -- is the Lieberman-Collins-Carper legislation. The Protecting Cyberspace as a National Asset Act of 2010 (Senate Bill 3480) was introduced this year and appears to inch the government closer to an Internet takeover.
Before I explain why I believe this bill is so foreboding, take a look at its key components in the graphic below.
Bureaucracy created by government regulations of cyberspace.
Doing a first read through of the bill’s one-page summary (which, ironically, is two pages), you might think it’s being pushed for the greater good. But after going through all 197 pages of the bill, you discover a devil or two living in its details.
As with the Cybersecurity Act of 2009, the Lieberman-Collins-Carper government Internet bill is so broad and so conveniently vague you can’t help but laugh -- and cower. But, then, that’s the intent. The motivation of politicians in Washington is that of job security, which is served by their own political expediency. Sen. Jay Rockefeller (D.-W. Va.) summed it up best in his statement regarding his cybersecurity legislation: "We must protect our critical infrastructure at all costs.” Scary. Sen. Joseph Lieberman (I-Conn.), on the other hand, took a more politically savvy approach in response to concerns about his Internet bill, stating that “the government should never take over the Internet.”
Yet, this cybersecurity act still allows the president to enact emergency government Internet measures when he deems necessary that could last up to 30 days, not including extensions. This is the frightening part: Everything is at the government’s discretion. It makes an Internet takeover by the government seem not so remote.
As with most new laws, there can be many unintended consequences that have a negative impact on businesses and individuals. Sadly, much of this can have to do with politicians' desire to ram legislation through Congress without much consideration for its long-term impact.
The Rockefeller-Snowe Cybersecurity Act of 2009 and the Protecting Cyberspace as a National Asset Act of 2010 better serve a small number of special interests than they do the greater good. It’s not only a way for the government to gain further control of the economy, but it would also be a great way to force an additional layer of taxation upon its citizens. Don’t be fooled by the buy-in from large vendors such as Symantec Corp., Microsoft, EMC Corp. and Verizon for this bill. I’m pretty sure they’re not in the game for purely altruistic reasons.
Luckily, this cybersecurity bill hasn’t seen any action since summer. That doesn’t mean it won’t rear its ugly head at some point. As recent history tells us, politicians will never let a good crisis go to waste. I could foresee either of these cybersecurity bills being brought to the forefront the next time there’s a widespread malware or denial-of-service attack. The reality is, we’ll likely see nothing until after the election or perhaps once Obama’s lame-duck session is over in 2011. Just stay tuned and stay informed, as anything’s possible in D.C.
Kevin Beaver is an information security consultant and expert witness, as well as a seminar leader and keynote speaker at Atlanta-based Principle Logic LLC. Beaver has authored/co-authored eight books on information security, including The Practical Guide to HIPAA Privacy and Security Complianceand the newly updated Hacking For Dummies, 3rd edition. In addition, he’s the creator of the Security On Wheels information security audiobooks and blog.
#GRCChat participants talk cybersecurity legislation and consumer data privacy