How Can Cyber Security Be Improved? Richard Clarke on Threats & Computer Infrastructure (2010)
On July 1, 2009, Senator Jay Rockefeller (D-WV) introduced the “Cybersecurity Act of 2009 – S. 773” in the Senate; the bill, co-written with Senators Evan Bayh (D-IN), Barbara Mikulski (D-MD), Bill Nelson (D-FL), and Olympia Snowe (R-ME), was referred to the Committee on Commerce, Science, and Transportation, which approved a revised version of the same bill (the “Cybersecurity Act of 2010”) on March 24, 2010. The bill seeks to increase collaboration between the public and the private sector on cybersecurity issues, especially those private entities that own infrastructures that are critical to national security interests (the bill quotes John Brennan, the Assistant to the President for Homeland Security and Counterterrorism: “our nation’s security and economic prosperity depend on the security, stability, and integrity of communications and information infrastructure that are largely privately owned and globally operated” and talks about the country’s response to a “cyber-Katrina”), increase public awareness on cybersecurity issues, and foster and fund cybersecurity research. Some of the most controversial parts of the bill include Paragraph 315, which grants the President the right to “order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network.” The Electronic Frontier Foundation, an international non-profit digital rights advocacy and legal organization based in the United States, characterized the bill as promoting a “potentially dangerous approach that favors the dramatic over the sober response.”
On March 25, 2010, Representative Yvette Clarke (D-NY) introduced the “International Cybercrime Reporting and Cooperation Act – H.R.4962″ in the House of Representatives; the bill, co-sponsored by seven other representatives (among whom only one Republican), was referred to three House committees. The bill seeks to make sure that the administration keeps Congress informed on information infrastructure, cybercrime, and end-user protection worldwide. It also “directs the President to give priority for assistance to improve legal, judicial, and enforcement capabilities with respect to cybercrime to countries with low information and communications technology levels of development or utilization in their critical infrastructure, telecommunications systems, and financial industries” as well as to develop an action plan and an annual compliance assessment for countries of “cyber concern”.
On June 19, 2010, United States Senator Joe Lieberman (I-CT) introduced a bill called “Protecting Cyberspace as a National Asset Act of 2010 – S.3480″ which he co-wrote with Senator Susan Collins (R-ME) and Senator Thomas Carper (D-DE). If signed into law, this controversial bill, which the American media dubbed the “Kill switch bill”, would grant the President emergency powers over the Internet. However, all three co-authors of the bill issued a statement claiming that instead, the bill “[narrowed] existing broad Presidential authority to take over telecommunications networks”.
On May 12, 2011, the White House sent Congress a proposed cybersecurity law designed to force companies to do more to fend off cyberattacks, a threat that has been reinforced by recent reports about vulnerabilities in systems used in power and water utilities.
Executive order 13636 Improving Critical Infrastructure Cybersecurity was signed February 12, 2013.