‘Kill Switch’ Drives Cyber Debate; Industry Pushes ‘Partnership’
The fear that President Barack Obama could unilaterally shut down the Internet in an emergency is driving the debate over cybersecurity bills in Congress, regardless of how feasible such a shutdown would be, cybersecurity experts told us. But that’s not stopping cybersecurity vendors, policy analysts and the larger business community from pushing forward with the less juicy but long-advocated emphasis on an improved public-private “partnership."
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
The recent clamor about ‘kill switch’ provisions among lawmakers is largely a response to overwhelming constituent concerns over an Egypt-like Internet shutdown of U.S. networks, cybersecurity experts said. Senior Republican lawmakers say they have gotten more constituent mail on the issue of an Internet “kill switch” than any other issue, said Jim Lewis, director of the technology and public policy program at the Center for Strategic and International Studies. “They are trying to respond to this and getting people to calm down even though technically it isn’t a big concern,” he said. “The overall intent is to prevent the president from shutting down the Internet. But the president never really had the ability to shut down the Internet,” said Lewis. “People are worried about something that is impossible to do."
Ranking Member Susan Collins, R-Maine, of the Senate Homeland Security Committee defended the changes to her cybersecurity bill in a Politico op-ed Monday (WID March 8 p6). Her revised bill, which is co-sponsored by committee Chairman Joe Lieberman, I-Conn., and Sen. Tom Carper, D-Del., “would not only prevent such a shutdown but also would make America’s critical assets safer,” Collins wrote. The bill contains a provision that explicitly forbids the president or “any other officer or employee of the federal government” to shut down the Internet (WID Feb 22 p9). The proposed legislation aims to revise and clarify federal powers under existing laws such as the 1934 Communications Act which currently provides the president with broad authority to shut down communications providers (WID Feb 7 p2).
The “kill switch” conversation is unproductive and Congress should focus on more substantial cybersecurity issues, said Dan Kaminsky, a cybersecurity researcher who discovered a serious flaw in DNS in 2008. “An Internet ‘kill switch’ is not a good idea,” said Kaminsky, named by ICANN as a “Trusted Community Representative” for the DNSSEC root last year. “It’s a bad idea from a technology standpoint, from a security standpoint, from a policy standpoint and from a diplomacy standpoint,” he said. “Yet I can’t help but feel there are more important questions to be asking in the future of the cybersecurity space. What I'm seeing is a boogey man of ‘what if they turn the Internet off?’ but there are certainly much bigger things on my radar than an action that could happen in an extreme emergency."
Meanwhile industry groups are working to shape the conversation by appealing for more cooperation and market incentives from the government. Several groups released a white paper Tuesday that outlined steps federal officials and executives should take together to improve U.S. cybersecurity. The paper argues that the government should work to augment the powers and capabilities of the existing cybersecurity framework rather than dictate new federal mandates to the industry. The groups involved with Tuesday’s white paper are: TechAmerica, the Business Software Alliance, the Center for Democracy and Technology, the Internet Security Alliance, and the U.S. Chamber of Commerce.
"The only effective way to ensure our national and economic security in cyberspace is for the government and the technology industry to work hand in glove,” said Phil Bond, TechAmerica’s president. There is no need to create a new cybersecurity framework or replace the existing partnership model with a system of government mandates that would “erode trust, threaten privacy and undermine voluntary cooperation,” the white paper said.
Congress should instead focus on private sector-driven, incentivized programs of collaboration, the white paper said. Specifically, the alliance advocated market incentives like liability considerations, indemnification and tax incentives that encourage more private sector cooperation. R&D tax credits, grant funding, updating the SAFETY Act, liability protections and reinsurance programs are practical ways that Congress can make U.S. cybersecurity more robust, the alliance wrote. Furthermore, there needs to be an ongoing, sustained collaboration mechanism to continuously assess cybersecurity incidents as they occur over time, it said.