Wants federal control over companies’ cyber security systems
The Obama administration conducted a mock cyber attack on New York City yesterday in an effort to gain support in the Senate for a cybersecurity bill that internet providers argue will prevent them from making real security improvements.
“Senators from both parties gathered behind closed doors in the U.S. Capitol yesterday for the classified briefing attended by Homeland Security Secretary Janet Napolitano, FBI Director Robert Mueller and other administration officials.” reports Bloomberg.
White House spokesperson Caitlin Hayden said that the staged attack was “intended to provide all senators with an appreciation for new legislative authorities that would help the U.S. government prevent and more quickly respond to cyber attacks,”.
Hayden added that the Senate will receive a classified briefing on the “hypothetical cyber attack against United States critical infrastructure networks.”
The networks attacked during the mock event reportedly included U.S. banks, power grids and telecommunications systems.
Also reportedly present at the demonstration, were Gen. Keith Alexander, director of the Defense Department’s Cyber Command; Ashton Carter, deputy secretary of Defense; Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff; James Cole, deputy attorney general; Stephanie O’Sullivan, principal deputy director of national intelligence; Howard Schmidt, cybersecurity coordinator at the White House; Cam Kerry, general counsel of the Commerce Department; Thomas D’Agostino, under secretary for nuclear security and administrator, National Nuclear Security Administration; and Chris Painter, coordinator of cyber issues at the State Department.
Republican Senator Susan Collins, co-sponsor of the cybersecurity bill said that the demonstration was “very compelling,” adding that “It illustrated the problem and why legislation is desperately needed,”.
The other sponsors of the bill, which is supported by Obama, are Sens. Joseph Lieberman (I-Conn.), Jay Rockefeller (D-W.Va.) and Dianne Feinstein (D-Calif.)
Critics contend that the bill contains several provisions that represent a sweeping power grab on behalf of the federal government.
A measure recently added to the bill by Collins and Lieberman, and supported by Obama, would empower the Department of Homeland Security to conduct “risk assessments” of private companies in sectors deemed critical to U.S. national and economic security, forcing them to comply with expensive mandates to secure their systems.
ISPs AT&T and Comcast have denounced the provision, declaring that federal oversight will stifle innovation.
“Such requirements could have an unintended stifling effect on making real cybersecurity improvements,” Edward Amoroso, chief security officer for Dallas-based AT&T, said in testimony at the hearing. “Cyber adversaries are dynamic and increasingly sophisticated, and do not operate under a laboriously defined set of rules or processes.”
The ISP’s are backing a competing GOP bill, co-sponsored by John McCain, that promotes incentives for operators to share threat information with one another and with federal agencies, rather than regulatory mandates.
The companies say that the competing bill would help them “avoid new regulations while promoting information-sharing through incentives such as protection from lawsuits.”
As we have previously reported, the Cybersecurity Act originally legislated for an Internet ‘kill switch’ that would allow the President to shut down parts of the Internet in an emergency.
While the provision was dropped after being much publicized, the White House still claims that it already retains such powers under the law that created the Federal Communications Commission in 1934. This law states that if a “state of public peril or disaster or other national emergency” exists, the president may “authorize the use or control of any…station or device.”