Cybersecurity Act of 2009

On April 1st 2009, senators John D. Rockefeller IV, Evan Bayh , Bill Nelson and Olympia Snowe annouced the introduction of the “Cybersecurity Act of 2009″.

I personally  find some of the provisions of the bill quite interesting such as the section dedicated to centralizing vulnerability information, funding research through the National Science Foundation (NSF), and requiring certifications of cybersecurity personnel.

The introduction of this act, although quite well intentioned has stirred quite a debate amongst many Americans. What most people seem to be focused on is the section relating to presidential powers relating to disconnecting critical infrastructure. Below is a quote directly from the bill as introduced and I have highlighted the most controversial or notable subsections:

“SEC. 18. CYBERSECURITY RESPONSIBILITIES AND AUTHORITY.
The President–
(1) within 1 year after the date of enactment of this Act, shall develop and implement a comprehensive national cybersecurity strategy, which shall include–
(A) a long-term vision of the Nation’s cybersecurity future; and
(B) a plan that encompasses all aspects of national security, including the participation of the private sector, including critical infrastructure operators and managers;
(2) may declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network; (continue reading...)