| On the business side it is even more indispensable. While most of us know about Amazon or eBay or even John Deer on line, the amount of business to business commerce that goes on is staggering and growing. Companies not only buy and sell things on the internet, they send and approve the invoices and transfer the funds that way as well.
Our banking system is particularly dependent on the internet for its functions as well. The movement of electronic funds, the buying and selling of assets and the basic record keeping functions of banking are all done on computers and are, for the most part, all connected to the internet.
Just for a moment try to imagine what it would be like if the internet were down, nation wide, for a week or two. You would probably be able to do your job (not Bloggers, obviously) but would you be able to do it as well as do now? Scale that up to the entire nation and then add on a time of crisis and you can see what kinds of trouble having basically no overall security for our cyber infrastructure can lead to.
This is the problem the Cybersecurity Act of 2009 aims to address. This bill has taken so long to craft because of a single glaring fact, 90% of the internet infrastructure of the United States is privately owned. This is no surprise, as many companies (not enough to really promote competition, but that is for another post) have invested heavily in the fiber optic backbones needed for the level of access that we have.
You might think that it is their responsibility to secure their networks from possible attack, since they are the owners of the physical technology. The problem is that it is many companies and there is a great deal of variability in the level of attention that they pay to security. Given the interconnected nature of the internet, security for the network as a whole will only be as good as the company that is the weakest in this area.
The Cybersecurity Act has been written to bring business and government together to try to protect the overall national interest in having a secure and functioning internet.
Some of the major features of the bill are the creation of a Cybersecurity Advisory Panel inside the White House; establishment of a scholarship for service program to encourage young talented folks to work for the government in cybersecurity and begin a process of annual reports by the Director of National Intelligence and the Commerce Secretary to Congress on the vulnerabilities of the national cyber infrastructure.
The bill is not without its controversial measures; it allows the President to declare a cyber emergency and shut down or limit access to any internet system deemed critical to the United States. This has some folks quite exorcised about the possibility of censorship similar to what we have seen in Iran during the protests against the current government there.
It is a tough issue; on the one hand we all worry about heavy handed action by the Executive Branch. Eight years of the lawless Bush administration have left many of us leery of granting more power to the President, especially when we have seen the level of illegal overreach that the Bush administration engaged in. On the other hand, if there were a concerted effort by a foreign government to crash our internet infrastructure, there has to be some legal way for the government to take action to prevent a total collapse of information flow.
What is most troubling about this new power is that there is neither reporting requirement to Congress nor any review process after a period of time. It is all well and good to give powers to the Executive Branch for the purposes of responding to an emergency but there has to be some way for them to be revoked or overruled. As rule we in the United State want to have our Congress exercise its oversight responsibility. Without a review and approval process, in place and required by law, it is far too likely that the Congress will no act to reign in abuses by the Executive Branch. This is also a legacy of the criminal Bush administration.
In general I am in favor of this bill. While there are problems, we have a pressing need to develop a unified national strategy for securing an asset which is becoming more and more central to every aspect of American life. To take a strictly hands off, market based approach is unacceptable. Just as we know that we can not rely on big banks to judge risk and balance it appropriately against profit, we can not assume that companies who own the majority of the internet infrastructure will do better.
This bill invests in R&D, looks for systemic vulnerabilities and establishes a high level adviser right in the White House. It treats the issue with the seriousness that has been lacking in this subject for a very long time. Like all things in governance will not be the end of addressing this issue, but rather the start. Given the importance of the internet to our national economy it is a good first start.
The floor is yours. |
