Senate Bill Aims to Extend Cybersecurity Regulation into the Private Sector

By Matthew Harwood

Legislation introduced into the Senate yesterday seeks to grant the federal government enormous power to regulate cybersecurity, even shut down private networks during a cyberattack, reports .

Introduced by Sen. John Rockefeller (D-WV), the chairman of the Senate Committee on Commerce, Science, and Transportation, and Sen. Olympia Snowe (R-ME):

The bill aims at uniting both public and private network operators, including corporations, in developing regulations for defending computer systems before and during cyber attacks.

Rockefeller says the legislation addresses the threat to private sector infrastructure such as banking, utilities, air/rail/auto traffic control, and telecommunications.

But even Rockefeller said the bill was a starting point and not a finished product.

“This legislation is the beginning of the process - the objective of this cybersecurity bill is to start the debate and chairman Rockefeller welcomes comments from all parties, he is sitting down with stakeholders already and he welcomes input from all those supportive of the legislation and those with concerns,” said Jena Longo, deputy communications director for the U.S. Senate Committee on Commerce, Science & Transportation.

The bill would also create a cybersecurity "czar," appointed by the president, to run another creation: the Office of the National Cybersecurity Adviser. The office will have the power to shut down government and private networks during a cyberattack.

There is fear among industry and Internet rights groups that this power could extend to large Internet service network providers like Google, Microsoft, AOL, Yahoo, and others, according to

The broader IT industry is also less than enthusiastic about mandatory cybersecurity standards. Jim Dempsey, vice president for public policy at the Center for Democracy and Technology, told The Washington Post that mandatory standards represent a "third rail."

Rohyt Belani, CEO of the Intrepidus Group, told the E-Commerce Times that government often rushes into regulation without thinking it through adequately.

"What often happens is that regulators will come up with a rule or regulation in the tech space -- but once it is implemented it is clear they didn't think it through or ask a technologist for advice," he said.  

But there may be an upside for IT security and compliance staff, Belani says. Mandatory standards mean mandatory compliance, which means more resources from management for IT departments.

