- Security Center
- English ▾
White House emergency control over the Internet?
This spring a U.S. Senate bill proposed a right for the White House to disconnect “critical” private computer systems and networks from the Internet in case of emergencies. The bill shifts the responsibility for cyber security from the Homeland Security Department to the White House and the overall purpose with the bill is to ensure the protection of vital infrastructure such as water, electricity, banking and electronic health records from cyber attacks. The bill was heavily criticized by the IT industry and civil liberties groups and recently a revised version of the bill was presented.
In the revised draft of the bill the President is, in the event of an immediate threat to strategic national interests involving “critical” infrastructure information system or network, entitled to:
- declare a cyber security emergency; and
- if necessary for the defence and security, direct the national response to the cyber threat and timely restoration of the affected critical infrastructure information systems or networks.
Thus, the President is granted the power to do whatever necessary to respond to the cyber threat in question including but not limited to temporarily take control of and disconnect private sector computer networks from the Internet. “Cyber” is defined as anything having to do with the Internet, telecommunications, computers or computer networks.
The bill further sets out that the White House shall engage in periodical mapping of private networks and computer systems which are deemed critical. A federal certification program is proposed to be established for so called “cyber security professionals” and certain private sector computer systems and networks that are deemed “critical” may only be managed by people who have been awarded such licenses. Accordingly, if a company is deemed as “critical”, the company will obey under a specific set of rules specifying restrictions on recruitment and special obligations on information disclosures.
Even though it is undoubtedly in everyone’s interest that vital infrastructure is safe from cyber attacks, the bill remains questionable due to the vague language which gives the President unlimited powers in case of a cyber attacks or even the mere threat thereof. The vague language of the bill is of course intentional as it aims at giving the President sufficient mandate in order to respond to a threatened or actual cyber attack. However, the bill is still heavily criticized by the IT industry and civil liberties groups, who see few improvements in this revised draft of the bill compared to the previous one. It seems like concepts such as “immediate threat”, “critical infrastructure information systems or networks” and “direct the national response” requires quite some clarifications before the IT Industry will even consider supporting the bill.