Effective nationalization of both public and private networks will be the end result of this. Under powers granted by this proposed law, the feds could dictate terms to any company even minimally connected to the internet, all in the name of security. They could and would demand unfettered and unmonitored access to a company's network, like they do today with the telecoms and ISPs. All it will take is the first "national cyber emergency", which will somehow become the permanent state of affairs, just like "Condition Orange". Once the government takes a power, they never relinquish it. And the effects spread far beyond simple technology, because security is a combination of technology, social interaction, and management policy. The cybersecurity cops would in essence have the ability to dictate anything that they felt contributed to security, from technology choices to HIRING, FIRING, and MONITORING private sector employees. Just like they do today in defense contractors, the US government becomes the hidden judge and jury for any employee action.
Finally, militarization of the internet implies not only control by the government in all aspects, but also the concepts of acceptable risks and collateral damage. In a "cyberwar" setting, who decides the risks of using a weapon that could cause collateral damage to our own networks, or even just to simply isolate or "bunker" some system that affects the everyday lives of all citizens?
The US has long operated on the idea that even critical parts of the infrastructure like utilities are owned and operated by private companies. But the government is continually expanding their day-to-day control over private companies with convoluted regulations. Now this bill creates a completely new level of authoritarian control, that of ?sole, unreviewable discretion?. In other words, unlimited dictatorial power.
Guest editorial by Matthew Olney (Sourcefire)
So, you’re at the bar and across the room you see this incredible [insert whatever floats your boat here]. You spend an inappropriate amount of your time watching this person and your mind starts to fill in the details that the dark environment masks. Then they turn around walk towards the bar and (finally!) walk into enough light that you can see what they look like. Your first thought…”KILL IT WITH FIRE!”
This is a lot how I felt as I read through the “Protecting Cyberspace as a National Asset Act of 2010” (pdf), a 199-page piece of legislation introduced by Senator Lieberman (I-CT) along with Senator Susan Collins (R-ME) and Senator Thomas Carper (D-DE). It’s worth noting, in reviewing the legislation that Susan Collins and Joe Lieberman are the ranking members of the Senate Committee on Homeland Security and Governmental Affairs for their respective parties (with Joe Lieberman counting as a Democrat for the purposes of committees).
This is an impressive, expansive and ambitious piece of legislation, completely reworking the Federal government’s management of cyber security issues. There are a lot of things in the bill that I think are necessary. Of course, as you’ve probably seen by this point, there are a couple of issues that, erm, have “opportunity for improvement.”
First up is the creation of the Office of Cyberspace Policy within the Office of the President. There is little in our world today that is as poorly managed, rapidly changing and outright dangerous as “cyberspace”. Having an apparatus at the level of the White House that manages these issues from a strategic point of view is important. It is this office that would be tasked with creating a “national strategy to increase the security and resiliency of cyberspace”. It is also the first place (page 9) you notice the incredible breadth of changes in the bill.
The Director of Cyberspace Policy is tasked with, to paraphrase, overseeing all policies and activities of the Federal Government across “all instruments of national power” to ensure the security and resiliency of cyberspace. The act specifically cites diplomatic, economic, military, intelligence, law enforcement and homeland security activities and also calls for the management of “offensive activities, defensive activities and other policies and activities necessary to ensure effective capabilities to operate in cyberspace”. So while it is organized for “Protecting Cyberspace,” the options available to ensure cyberspace is available is…well everything, including utilizing the NSA and Cyber Commands offensive capabilities to keep the peace. This office operates at the highest executive level, and the capability of every tool available, even offensive ones, needs to be understood.
Next — the National Center for Cybersecurity and Communications
