According to the 197-page bill, after the president declares a national cyber emergency, he can order critical infrastructure owners and operators to respond to the vulnerability in the least disruptive way possible to its operations. This potential power has been viewed suspiciously by some companies and civil libertarians, a view Collins addressed.
"We have carefully circumscribed that authority," she said. "It is limited in duration and scope."
Under the proposed legislation, the president must notify Congress before exercising these powers. Once activated, the powers last for 30 days unless the president extends them. Collins also assured the public that the bill does not grant the government new surveillance powers or allow the government to take over private networks.
Collins said the emergency authority is necessary as congressional and civilian government computer networks are "under increasing assault on all fronts." Referencing a statistic reported by Senate Sergeant-at-Arms Terrance Gainer, Collins said congressional and civilian government computer networks are attacked an average of 1.8 billion times a month. "The cyberthreat is real and the consequences of a major successful national cyberattack could be devastating," Collins said.
Fielding a question from Collins, Francis Fragos Townsend, the former White House Homeland Security Advisor under President George Bush, also agreed existing emergency powers were not sufficient to respond to a cyberattack.
"I can say unequivocally that the existing authorities are not adequate and they are ambiguous," she said.
Townsend, now chairwoman of the board of the Intelligence and National Security Alliance, noted that if the United States came under a cyberassault, the president would likely act and then go back and create the necessary authority later.
"It just cries out for us to establish the rules now in a thoughtful way," Collins said, before executive abuses occur.
♦ Photo of the White House by BAR Photography/Flickr