The White House needs to have the emergency authority to compel the private sector to protect U.S. critical infrastructure if it came under a sustained cyberattack, according to Sen. Susan Collins (R-ME) Tuesday.
"We simply cannot wait for a cyber 9-11 before our government takes this threat seriously and acts to protect these critical assets," said Collins, the ranking member of the Senate Committee on Homeland Security and Governmental Affairs, during a hearing on cybersecurity.
Discussing a new cybersecurity bill (.pdf) introduced by Chairman Joseph Lieberman (I-CT) last week, co-sponsor Collins said existing federal legislation does not provide the president the emergency powers to mandate private infrastructure owners and operators take necessary action to plug a cybervulnerability when it is exploited or is about to be exploited.
Under section 706 of the Communications Act of 1934 the president can take control of the nation's airwaves during war or national emergency. "That authority was passed in January of 1942," said Collins. "It was passed a month after the attack by the Japanese on Pearl Harbor, obviously a very different time and long before the Internet was conceived of." Collins worries a devastating cyberattack may fall short of the thresholds of war or threat of war necessary to trigger the law's emergency powers.
Lieberman agreed. "If there's an attack on our electric grid, I don't see in the old telecommunications law the power in the president, or anybody for instance, to order a patch to be put on a part of the grid to protect it," he said.
Thus the bill's rationale to give the president new executive powers to protect critical infrastructure from a cyberattack.