Not so long ago, a simulated cyber attack showed the unpreparedness of the United States to deal effectively with such an occurrence.
When the officials “playing” the roles of various decision-makers tried to shutdown cell phone and Internet services to prevent a cascading effect, they discovered that federal agencies actually don’t have the authority to do so, and that companies providing these services might be unwilling to do it when asked.
This was by no means the first time that this fact occurred to high-positioned government officials – it is easy for the government and its administration to think they have a better shot at coordinating a unified response if such an attack occurs. And, they could be right.
But the thing that the public fears the most is the possibility of the government misusing laws that would allow it to take over civilian networks in the name of security.
A while back, two bills were introduced into the U.S. Senate that – if passed – would have made it possible for the President to access private Internet data and control cybersecurity in the private sector, and even give him the authority to shutdown the Internet in case of a cyber emergency. The bills were stripped of that provisions when the public raised its voice in opposition.
But, law-makers might yet win, since it seems that every year a similar bill will try to be introduced. It reminds me a little of braking into a safe – a combination will work eventually.
According to Wired, this latest combination is sponsored by Senators Lieberman and Collins, and aims at giving the DHS the authority to take over civilian networks in case of an “imminent cyber threat.” So, if the President declares that such a thing is happening, the DHS should “develope and coordinate emergency measures or actions necessary to preserve the reliable operation, and mitigate or remediate the consequences of the potential disruption, of covered critical infrastructure.”
Also, “the owner or operator of covered critical infrastructure shall comply with any emergency measure or action developed by the Director”.
As regards the issue of how long this measures can remain in place, the answer is: indefinitely. The actual period is supposedly 30 days tops, but the interval can be extended a month at a time for as long as the federal government deems it necessary.
If you were wondering if that bill would apply to the recent Aurora attacks, senater staffers say no. “It’d have to be Aurora 2, plus the intel that country X is going to take us down using that vulnerability,” they say. A potential attack that would be effected via machines infected by the Conficker worm might be a good time for the government to avail itself of the provisions of the bill.