Dark Reading is part of the Informa Tech Division of Informa PLC


03:08 PM

Latest Version Of Cybersecurity Act Lessens Presidential Power

Chief exec no longer has unilateral power to disconnect networks from the Internet in the event of a major cyberattack

The Senate Wednesday re-introduced a cybersecurity bill it considered last year, minus a provision that would have allowed the president to shut down the Internet in the event of a major cyber attack.

The Cybersecurity Act, S. 773, co-sponsored by Senators Jay Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine), is aimed at protecting critical U.S. network infrastructure against cybersecurity threats by fostering collaboration between the federal government and the private sectors that maintain that infrastructure.

The legislation was originally introduced last April in a two-bill package that together called for the creation of a national cybersecurity adviser and aimed to revise cybersecurity processes and oversight in government, facilitate public-private partnerships on keeping computer systems safe, fund cybersecurity research, and encourage the hiring of more cybersecurity specialists.

Companion legislation that would create the national cybersecurity adviser position -- the National Cybersecurity Advisor Act, S.778 -- is still pending before the Senate Committee on Homeland Security and Government Affairs.

The new Cybersecurity Act more or less maintains the goals of the original bill, but also has some key differences.

One big one is that it no longer gives the president unilateral power to disconnect networks from the Internet in the event of a major cyber attack.

As written now, the bill requires the president to work with organizations that own critical network infrastructure to come up with cybersecurity emergency response plans rather than take action on his own.

The bill also includes new provisions. One creates a process for the president and those in the private sector that maintain and own critical infrastructure to come together to decide which IT systems are most crucial to national security and how they should be secured.

Another provision requires the president to provide security clearances to some private-sector officials at those organizations so they have access to classified cyber-threat information they wouldn't otherwise be privy to.

Cybersecurity is a major priority for the Obama Administration, which requested $866 million to protect networks and data in its recently announced fiscal 2011 budget.

Though that figure is slightly less than what was allocated in 2010, officials maintain cybersecurity remains top of mind for the administration, a sentiment reflected in the reintroduction of the Senate bill and other recent government actions.

The House last month passed its own cybersecurity bill, the Cybersecurity Enhancement Act of 2009 (HR 4061), first introduced by Rep. Daniel Lipinski (D-IL) last year.

That bill, though not as broad in scope as the Senate bill, funds research and development for a comprehensive cybersecurity plan that would involve the cooperation of several federal agencies.

The Department of Homeland Security also is taking steps to foster better communication between government intelligence officials and private-sector organizations looking after critical networks.

Through a pilot program the DHS recently launched, CIOs and CSOs from state and local governments as well as private-sector organizations will periodically be allowed to access classified intelligence information regarding cyber threats from state and local fusion centers.
