The Cybersecurity Act of 2009 introduced in the Senate would allow the President to shut down private Internet networks. The legislation also calls for the government to have the authority to demand security data from private networks without regard to any provision of law, regulation, rule, or policy restricting such access.
The headlines were all about creating a national cyber-security czar reporting directly to the President, but the Cybersecurity Act of 2009 introduced April 1 in the U.S. Senate would also give the President unprecedented authority over private-sector Internet services, applications, and software.
According to the bill’s language, the President would have broad authority to designate various private networks as a “critical infrastructure system or network” and, with no other review, “may declare a cyber-security emergency and order the limitation or shutdown of Internet traffic to and from” the designated the private-sector system or network. The 51-page bill does not define what private sector networks would be considered critical to the nation’s security, but the Center for Democracy and Technology says it could include communications networks in addition to the more traditional security concerns over the financial and transportation networks and the electrical grid. The bill would also impose mandates for designated private networks and systems, including standardized security software, testing, licensing, and certification of cyber-security professionals.