Obama 'Internet kill switch' plan approved by US Senate panel
President could get power to turn off Internet
By Grant Gross | Published: 11:02, 25 June 10
A US Senate committee has approved a wide-ranging cybersecurity bill that some critics have suggested would give the US president the authority to shut down parts of the Internet during a cyberattack.
Senator Joe Lieberman and other bill sponsors have refuted the charges that the Protecting Cyberspace as a National Asset Act gives the president an Internet "kill switch." Instead, the bill puts limits on the powers the president already has to cause "the closing of any facility or stations for wire communication" in a time of war, as described in the Communications Act of 1934, they said in a breakdown of the bill published on the Senate Homeland Security and Governmental Affairs Committee website.
The committee unanimously approved an amended version of the legislation by voice vote Thursday, a committee spokeswoman said. The bill next moves to the Senate floor for a vote, which has not yet been scheduled.
The bill, introduced earlier this month, would establish a White House Office for Cyberspace Policy and a National Center for Cybersecurity and Communications, which would work with private US companies to create cybersecurity requirements for the electrical grid, telecommunications networks and other critical infrastructure.
The bill also would allow the US president to take emergency actions to protect critical parts of the Internet, including ordering owners of critical infrastructure to implement emergency response plans, during a cyber-emergency. The president would need congressional approval to extend a national cyber-emergency beyond 120 days under an amendment to the legislation approved by the committee.
The legislation would give the US Department of Homeland Security authority that it does not now have to respond to cyber-attacks, Lieberman, a Connecticut independent, said earlier this month.
"Our responsibility for cyber defence goes well beyond the public sector because so much of cyberspace is owned and operated by the private sector," he said. "The Department of Homeland Security has actually shown that vulnerabilities in key private sector networks like utilities and communications could bring our economy down for a period of time if attacked or commandeered by a foreign power or cyber terrorists."
Other sponsors of the bill are Senators Susan Collins, a Maine Republican, and Tom Carper, a Delaware Democrat.
One critic said Thursday that the bill will hurt the nation's security, not help it. Security products operate in a competitive market that works best without heavy government intervention, said Wayne Crews, vice president for policy and director of technology studies at the Competitive Enterprise Institute, an anti-regulation think tank.
"Policymakers should reject such proposals to centralize cyber security risk management," Crews said in an e-mail. "The Internet that will evolve if government can resort to a 'kill switch' will be vastly different from, and inferior to, the safer one that will emerge otherwise."
Cybersecurity technologies and services thrive on competition, he added. "The unmistakable tenor of the cybersecurity discussion today is that of government steering while the market rows," he said. "To be sure, law enforcement has a crucial role in punishing intrusions on private networks and infrastructure. But government must coexist with, rather than crowd out, private sector security technologies."
On Wednesday, 24 privacy and civil liberties groups sent a letter raising concerns about the legislation to the sponsors. The bill gives the new National Center for Cybersecurity and Communications "significant authority" over critical infrastructure, but doesn't define what critical infrastructure is covered, the letter said.
Without a definition of critical infrastructure there are concerns that "it includes elements of the Internet that Americans rely on every day to engage in free speech and to access information," said the letter, signed by the Center for Democracy and Technology, the American Civil Liberties Union, the Electronic Frontier Foundation and other groups.
"Changes are needed to ensure that cybersecurity measures do not unnecessarily infringe on free speech, privacy, and other civil liberties interests," the letter added.
---------------------------------------
90 percent of businesses say they have fallen victim to a cyber security breach at least once in the past 12 months. That percentage isn't based on a small number either: 583 US companies participated in the questionnaire.
The data comes from a new survey of US IT and IT Security professionals, conducted independently by Ponemon Institute and sponsored by Juniper Networks. You can check out the 25-page report here: Perceptions About Network Security (PDF).
The 90 percent number is just for one breach; organizations today are experiencing multiple breaches. In fact, more than half (59 percent) of respondents cited two or more breaches in the past 12 months. Companies indicate that security breaches have cost them a least half a million dollars to address in terms of cash outlays, business disruption, revenue losses, internal labor, overhead, and other expenses. Most respondents (59 percent) report that the most severe consequence of any breach was the theft of information assets followed by business disruption.
It gets worse. Security attacks are on the rise, according to the data provided by these companies. 43 percent of respondents indicating there has been a significant increase in the frequency of cyber attacks during the past 12 months and 77 percent say these attacks have become more severe or difficult to detect/contain. As a result of these multiple breaches, more than one-third (34 percent) of respondents say they have low confidence in the ability of their organization's IT infrastructure to prevent a network security breach in the future.
It's also worth noting that only 11 percent of respondents believe they know the source of all their network's security breaches. Unsurprisingly, employee mobile devices and laptops are seen as the most likely entry point from which serious cyber attacks are unleashed against a company.
"Our survey research provides evidence that many organizations are ill-equipped to prevent cyber attacks against networks and enterprise systems," Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement. "This study suggests conventional network security methods need to improve in order to curtail internal and external threats."
"The size and complexity of today's security threats continue to intensify leaving organizations and governments vulnerable to cyber attacks," Mark Bauhaus, executive vice president and general manager of Juniper Networks Device and Network Services, said in a statement. "Business leaders need to consider a more aggressive, systemic security approach—implementing end-to-end comprehensive protection at all points in the network to help mitigate risk."
Source:
http://www.techspot.com
A US Senate committee has approved a wide-ranging cybersecurity bill that some critics have suggested would give the US president the authority to shut down parts of the Internet during a cyberattack.
Senator Joe Lieberman and other bill sponsors have refuted the charges that the Protecting Cyberspace as a National Asset Act gives the president an Internet "kill switch." Instead, the bill puts limits on the powers the president already has to cause "the closing of any facility or stations for wire communication" in a time of war, as described in the Communications Act of 1934, they said in a breakdown of the bill published on the Senate Homeland Security and Governmental Affairs Committee website.
The committee unanimously approved an amended version of the legislation by voice vote Thursday, a committee spokeswoman said. The bill next moves to the Senate floor for a vote, which has not yet been scheduled.
The bill, introduced earlier this month, would establish a White House Office for Cyberspace Policy and a National Center for Cybersecurity and Communications, which would work with private US companies to create cybersecurity requirements for the electrical grid, telecommunications networks and other critical infrastructure.
The bill also would allow the US president to take emergency actions to protect critical parts of the Internet, including ordering owners of critical infrastructure to implement emergency response plans, during a cyber-emergency. The president would need congressional approval to extend a national cyber-emergency beyond 120 days under an amendment to the legislation approved by the committee.
The legislation would give the US Department of Homeland Security authority that it does not now have to respond to cyber-attacks, Lieberman, a Connecticut independent, said earlier this month.
"Our responsibility for cyber defence goes well beyond the public sector because so much of cyberspace is owned and operated by the private sector," he said. "The Department of Homeland Security has actually shown that vulnerabilities in key private sector networks like utilities and communications could bring our economy down for a period of time if attacked or commandeered by a foreign power or cyber terrorists."
Other sponsors of the bill are Senators Susan Collins, a Maine Republican, and Tom Carper, a Delaware Democrat.
One critic said Thursday that the bill will hurt the nation's security, not help it. Security products operate in a competitive market that works best without heavy government intervention, said Wayne Crews, vice president for policy and director of technology studies at the Competitive Enterprise Institute, an anti-regulation think tank.
"Policymakers should reject such proposals to centralize cyber security risk management," Crews said in an e-mail. "The Internet that will evolve if government can resort to a 'kill switch' will be vastly different from, and inferior to, the safer one that will emerge otherwise."
Cybersecurity technologies and services thrive on competition, he added. "The unmistakable tenor of the cybersecurity discussion today is that of government steering while the market rows," he said. "To be sure, law enforcement has a crucial role in punishing intrusions on private networks and infrastructure. But government must coexist with, rather than crowd out, private sector security technologies."
On Wednesday, 24 privacy and civil liberties groups sent a letter raising concerns about the legislation to the sponsors. The bill gives the new National Center for Cybersecurity and Communications "significant authority" over critical infrastructure, but doesn't define what critical infrastructure is covered, the letter said.
Without a definition of critical infrastructure there are concerns that "it includes elements of the Internet that Americans rely on every day to engage in free speech and to access information," said the letter, signed by the Center for Democracy and Technology, the American Civil Liberties Union, the Electronic Frontier Foundation and other groups.
"Changes are needed to ensure that cybersecurity measures do not unnecessarily infringe on free speech, privacy, and other civil liberties interests," the letter added.
---------------------------------------
Security
90% of businesses say they were hacked in the last year
The data comes from a new survey of US IT and IT Security professionals, conducted independently by Ponemon Institute and sponsored by Juniper Networks. You can check out the 25-page report here: Perceptions About Network Security (PDF).
The 90 percent number is just for one breach; organizations today are experiencing multiple breaches. In fact, more than half (59 percent) of respondents cited two or more breaches in the past 12 months. Companies indicate that security breaches have cost them a least half a million dollars to address in terms of cash outlays, business disruption, revenue losses, internal labor, overhead, and other expenses. Most respondents (59 percent) report that the most severe consequence of any breach was the theft of information assets followed by business disruption.
It gets worse. Security attacks are on the rise, according to the data provided by these companies. 43 percent of respondents indicating there has been a significant increase in the frequency of cyber attacks during the past 12 months and 77 percent say these attacks have become more severe or difficult to detect/contain. As a result of these multiple breaches, more than one-third (34 percent) of respondents say they have low confidence in the ability of their organization's IT infrastructure to prevent a network security breach in the future.
It's also worth noting that only 11 percent of respondents believe they know the source of all their network's security breaches. Unsurprisingly, employee mobile devices and laptops are seen as the most likely entry point from which serious cyber attacks are unleashed against a company.
"Our survey research provides evidence that many organizations are ill-equipped to prevent cyber attacks against networks and enterprise systems," Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement. "This study suggests conventional network security methods need to improve in order to curtail internal and external threats."
"The size and complexity of today's security threats continue to intensify leaving organizations and governments vulnerable to cyber attacks," Mark Bauhaus, executive vice president and general manager of Juniper Networks Device and Network Services, said in a statement. "Business leaders need to consider a more aggressive, systemic security approach—implementing end-to-end comprehensive protection at all points in the network to help mitigate risk."
Source:
http://www.techspot.com
0 comments:
Post a Comment