Obama Internet kill switch plan approved by US Senate

President could get power to turn off Internet

By Grant Gross

A US Senate committee has approved a wide-ranging cybersecurity bill that some critics have suggested would give the US president the authority to shut down parts of the Internet during a cyberattack.

Senator Joe Lieberman and other bill sponsors have refuted the charges that the Protecting Cyberspace as a National Asset Act gives the president an Internet “kill switch.” Instead, the bill puts limits on the powers the president already has to cause “the closing of any facility or stations for wire communication” in a time of war, as described in the Communications Act of 1934, they said in a breakdown of the bill published on the Senate Homeland Security and Governmental Affairs Committee website.

The committee unanimously approved an amended version of the legislation by voice vote Thursday, a committee spokeswoman said. The bill next moves to the Senate floor for a vote, which has not yet been scheduled.

The bill, introduced earlier this month, would establish a White House Office for Cyberspace Policy and a National Center for Cybersecurity and Communications, which would work with private US companies to create cybersecurity requirements for the electrical grid, telecommunications networks and other critical infrastructure.

The bill also would allow the US president to take emergency actions to protect critical parts of the Internet, including ordering owners of critical infrastructure to implement emergency response plans, during a cyber-emergency. The president would need congressional approval to extend a national cyber-emergency beyond 120 days under an amendment to the legislation approved by the committee.

The legislation would give the US Department of Homeland Security authority that it does not now have to respond to cyber-attacks, Lieberman, a Connecticut independent, said earlier this month.

“Our responsibility for cyber defence goes well beyond the public sector because so much of cyberspace is owned and operated by the private sector,” he said. “The Department of Homeland Security has actually shown that vulnerabilities in key private sector networks like utilities and communications could bring our economy down for a period of time if attacked or commandeered by a foreign power or cyber terrorists.”

Other sponsors of the bill are Senators Susan Collins, a Maine Republican, and Tom Carper, a Delaware Democrat.

One critic said Thursday that the bill will hurt the nation’s security, not help it. Security products operate in a competitive market that works best without heavy government intervention, said Wayne Crews, vice president for policy and director of technology studies at the Competitive Enterprise Institute, an anti-regulation think tank.

“Policymakers should reject such proposals to centralize cyber security risk management,” Crews said in an e-mail. “The Internet that will evolve if government can resort to a ‘kill switch’ will be vastly different from, and inferior to, the safer one that will emerge otherwise.”

Cybersecurity technologies and services thrive on competition, he added. “The unmistakable tenor of the cybersecurity discussion today is that of government steering while the market rows,” he said. “To be sure, law enforcement has a crucial role in punishing intrusions on private networks and infrastructure. But government must coexist with, rather than crowd out, private sector security technologies.”

On Wednesday, 24 privacy and civil liberties groups sent a letter raising concerns about the legislation to the sponsors. The bill gives the new National Center for Cybersecurity and Communications “significant authority” over critical infrastructure, but doesn’t define what critical infrastructure is covered, the letter said.

Without a definition of critical infrastructure there are concerns that “it includes elements of the Internet that Americans rely on every day to engage in free speech and to access information,” said the letter, signed by the Center for Democracy and Technology, the American Civil Liberties Union, the Electronic Frontier Foundation and other groups.

“Changes are needed to ensure that cybersecurity measures do not unnecessarily infringe on free speech, privacy, and other civil liberties interests,” the letter added.

US appoints first cyber warfare general

The Pentagon is channelling a growing volume of troops and resources into countering cyber warfare. Photograph: Mike Nelson/AFP/Getty Images

Pentagon creates specialist online unit to counter cyber attack amid growing fears of militarisation of the internet

By: Peter Beaumont

The US military has appointed its first senior general to direct cyber warfare – despite fears that the move marks another stage in the militarisation of cyberspace.

The newly promoted four-star general, Keith Alexander, takes charge of the Pentagon’s ambitious and controversial new Cyber Command, designed to conduct virtual combat across the world’s computer networks. He was appointed on Friday afternoon in a low-key ceremony at Fort Meade, in Maryland.

The creation of America’s most senior cyber warrior comes just days after the US air force disclosed that some 30,000 of its troops had been re-assigned from technical support “to the frontlines of cyber warfare”.

The creation of Cyber Command is in response to increasing anxiety over the vulnerability of the US’s military and other networks to a cyber attack.

James Miller, the deputy under-secretary of defence for policy, has hinted that the US might consider a conventional military response to certain kinds of online attack.

Although Alexander pledged during his confirmation hearings before the Senate committee on armed services last month that Cyber Command would not contribute to the militarisation of cyberspace, the committee’s chairman, Senator Carl Levin expressed concern that both Pentagon doctrine, and the legal framework for online operations, had failed to keep pace with rapid advances in cyber warfare.

In particular Levin voiced concern that US cyber operations to combat online threats to the US, routed through neutral third countries, “could have broad and damaging consequences” to wider American interests.

Plans for Cyber Command were originally conceived under President George W Bush. Since taking office Barack Obama has embraced the theme of cyber security, describing it last year as “one of the most serious economic and national security challenges [the US faces] as a nation”.

During his confirmation hearing, Alexander said that the Pentagon’s networks were being targeted by “hundreds of thousands of probes every day” adding that he had “been alarmed by the increase, especially in this year”.

Cyber warfare has increased rapidly in scale and sophistication with China accused of being at the forefront of prominent recent attacks, including the targeting of Google and 20 other companies last year as well as “Titan Rain” in 2003 – a series of coordinated attacks on US networks. Russian and North Korean hackers have also been accused of large-scale attacks.

Moscow was accused of being behind a massive cyber assault on Estonia in 2007 – the second largest cyber warfare operation ever conducted.

While Alexander has tried to play down the offensive aspects of his command, the Pentagon has been more explicit, stating on Friday that Cyber Command will “direct the operations and defence of specified Department of Defense information networks [involving some 90,000 military personnel] and prepare to, when directed, conduct full-spectrum military cyberspace operations in order to enable actions in all domains, [to] ensure US allied freedom of action in cyberspace and deny the same to our adversaries.”

The complex issues facing Cyber Command were thrown into relief earlier this year when the Washington Post revealed details of a so-called “dot-mil” operation by Fort Meade’s cyber warfare unit, backed by Alexander, to shut down a “honeytrap website” set up by the Saudis and the CIA to target Islamist extremists planning attacks in Saudi Arabia.

The Pentagon became convinced that the forum was being used to co-ordinate the entry of jihadi fighters into Iraq.

Despite the strong objections of the CIA, the site was attacked by the Fort Meade cyber warfare unit. As a result, some 300 other servers in the Saudi kingdom, Germany and Texas also were inadvertently shut down.

Of equally concern to those who had opposed the operation, it was conducted without informing key members of the Saudi royal family, who were reported to be “furious” that a counter-terrorism tool had been shut down.

The issue of cyber warfare – and how to combat it – has become an increasingly fraught one.

The need to have electronic warfare capabilities, say those who support them, has been proven repeatedly by the apparent success of hostile attacks on government networks, including last year’s massive denial of service assault on networks in both the US and Korea.

Last year, hackers also accessed large amounts of sensitive data concerning the Pentagon’s Joint Strike Fighter programmer.

The difficulties facing the new command were underlined in March by former CIA director Michael V Hayden, who said that the Saudi operation had demonstrated that cyber warfare techniques were evolving so rapidly that they were now outpacing the government’s ability to develop coherent policies to guide its use.

“Cyber was moving so fast that we were always in danger of building up precedent before we built up policy,” Hayden said.