Is the latest cybersecurity bill an Internet takeover by the fed?

The latest cybersecurity bill is designed to help the government safeguard cybernetworks. But is the bill tantamount to an Internet takeover by the government?

Last month, I wrote about the Rockefeller-Snowe Cybersecurity Act of 2009 (Senate Bill 773), a cybersecurity bill and government regulation intended to protect us from the evils lurking on the Internet. But equally powerful -- and scary -- is the Lieberman-Collins-Carper legislation. The Protecting Cyberspace as a National Asset Act of 2010 (Senate Bill 3480) was introduced this year and appears to inch the government closer to an Internet takeover.

Before I explain why I believe this bill is so foreboding, take a look at its key components in the graphic below.

[Graphic: Government Internet regulations. Bureaucracy created by government regulations of cyberspace.]

On a first read-through of the bill’s one-page summary (which, ironically, is two pages), you might think it’s being pushed for the greater good. But after going through all 197 pages of the bill, you discover a devil or two living in its details.

As with the Cybersecurity Act of 2009, the Lieberman-Collins-Carper government Internet bill is so broad and so conveniently vague you can’t help but laugh -- and cower. But, then, that’s the intent. The motivation of politicians in Washington is that of job security, which is served by their own political expediency. Sen. Jay Rockefeller (D.-W. Va.) summed it up best in his statement regarding his cybersecurity legislation: “We must protect our critical infrastructure at all costs.” Scary. Sen. Joseph Lieberman (I-Conn.), on the other hand, took a more politically savvy approach in response to concerns about his Internet bill, stating that “the government should never take over the Internet.”

Yet this cybersecurity act still allows the president to enact emergency government Internet measures, whenever he deems them necessary, that could last up to 30 days, not including extensions. This is the frightening part: Everything is at the government’s discretion. It makes an Internet takeover by the government seem not so remote.

As with most new laws, there can be many unintended consequences that have a negative impact on businesses and individuals. Sadly, much of this can have to do with politicians' desire to ram legislation through Congress without much consideration for its long-term impact.

The Rockefeller-Snowe Cybersecurity Act of 2009 and the Protecting Cyberspace as a National Asset Act of 2010 better serve a small number of special interests than they do the greater good. It’s not only a way for the government to gain further control of the economy, but it would also be a great way to force an additional layer of taxation upon its citizens. Don’t be fooled by the buy-in from large vendors such as Symantec Corp., Microsoft, EMC Corp. and Verizon for this bill. I’m pretty sure they’re not in the game for purely altruistic reasons.

Luckily, this cybersecurity bill hasn’t seen any action since summer. That doesn’t mean it won’t rear its ugly head at some point. As recent history tells us, politicians will never let a good crisis go to waste. I could foresee either of these cybersecurity bills being brought to the forefront the next time there’s a widespread malware or denial-of-service attack. The reality is, we’ll likely see nothing until after the election or perhaps once Obama’s lame-duck session is over in 2011. Just stay tuned and stay informed, as anything’s possible in D.C.

Kevin Beaver is an information security consultant and expert witness, as well as a seminar leader and keynote speaker at Atlanta-based Principle Logic LLC. Beaver has authored/co-authored eight books on information security, including The Practical Guide to HIPAA Privacy and Security Compliance and the newly updated Hacking For Dummies, 3rd edition. In addition, he’s the creator of the Security On Wheels information security audiobooks and blog.


1 comment

It's a sad reality - the bills are vague, the regulatory and executive branches get to decide what they mean. If things go well, the authors take the credit; if badly, they can say "That's not what we had in mind."

The 30-day executive emergency powers do really concern me, though. Good catches, Kevin; nice work.