
Government Regulation of Cybersecurity: Partnership (or Power Grab) in the Making?

A cybersecurity bill introduced in the U.S. Senate on April 1st, 2009 would give the United States federal government extraordinary power over private sector Internet services, applications and software. This proposed legislation is a direct result of a review ordered by the Obama administration into government policies and processes for defending against Internet-borne attack.

The focus of the bill, according to a summary released by the sponsoring senators, is on establishing a new partnership between the public and private sectors in a joint effort to bolster Internet security.

This comprehensive legislation addresses our country’s unacceptable vulnerability to massive cyber crime, global cyber espionage, and cyber attacks that could cripple our critical infrastructure.

We presently have systems to protect our nation’s secrets and our government networks against cyber espionage, and it is imperative that those cyber defenses keep up with our enemies’ cyber capabilities. However, another great vulnerability our country faces is the threat to our private sector critical infrastructure - banking, utilities, air/rail/auto traffic control, telecommunications - from disruptive cyber attacks that could literally shut down our way of life.

This proposed legislation will bring new high-level governmental attention to develop a fully integrated, thoroughly coordinated, public-private partnership to our cyber security efforts in the 21st century.

The bill, entitled Cybersecurity Act of 2009, calls for the creation of a Cybersecurity Advisory Panel composed of outside experts from industry, academia, and nonprofit groups that would advise the president on cybersecurity policy and direction. The bill would give the President the authority to shut down Internet traffic in emergencies or disconnect any critical infrastructure system or network in the interests of national security. The bill would also grant the Commerce Department the ability to override all privacy laws to gain access to any information about Internet usage.

(a) DESIGNATION.—The Department of Commerce shall serve as the clearinghouse of cybersecurity threat and vulnerability information to Federal government and private sector owned critical infrastructure information systems and networks.

(b) FUNCTIONS.—The Secretary of Commerce - (1) shall have access to all relevant data concerning such networks without regard to any provision of law, regulation, rule, or policy restricting such access;

The bill also provides federal authority to license and certify information technology professionals dealing with cybersecurity, and makes it a federal crime to perform any duty currently related to cybersecurity without the federal license.

SEC. 7. LICENSING AND CERTIFICATION OF CYBERSECURITY PROFESSIONALS.
(a) IN GENERAL.—Within 1 year after the date of enactment of this Act, the Secretary of Commerce shall develop or coordinate and integrate a national licensing, certification, and periodic recertification program for cybersecurity professionals.

(b) MANDATORY LICENSING.—Beginning 3 years after the date of enactment of this Act, it shall be unlawful for any individual to engage in business in the United States, or to be employed in the United States, as a provider of cybersecurity services to any Federal agency or an information system or network designated by the President, or the President’s designee, as a critical infrastructure information system or network, who is not licensed and certified under the program.

Further, the bill establishes a timetable for a federal review and report of existing electronic privacy and security legislation.

(a) IN GENERAL.—Within 1 year after the date of enactment of this Act, the President, or the President’s designee, through an appropriate entity, shall complete a comprehensive review of the Federal statutory and legal framework applicable to cyber-related activities in the United States, including—

(1) the Privacy Protection Act of 1980 (42 U.S.C. 2000aa);
(2) the Electronic Communications Privacy Act of 1986 (18 U.S.C. 2510 note);
(3) the Computer Security Act of 1987 (15 U.S.C. 271 et seq; 40 U.S.C. 759);
(4) the Federal Information Security Management Act of 2002 (44 U.S.C. 3531 et seq.);
(5) the E-Government Act of 2002 (44 U.S.C. 9501 et seq.);
(6) the Defense Production Act of 1950 (50 U.S.C. App. 2061 et seq.);
(7) any other Federal law bearing upon cyber related activities; and
(8) any applicable Executive Order or agency rule, regulation, guideline.

The bill, introduced by Sens. John Rockefeller and Olympia Snowe, would also give the federal government unprecedented and sweeping control over computer software, Internet services, and online privacy all in the interests of national security. Center for Democracy & Technology (CDT) President and CEO Leslie Harris said, “The cybersecurity threat is real, but such a drastic federal intervention in private communications technology and networks could harm both security and privacy.”

While this new initiative holds promise, the question remains as to whether or not more government regulation and oversight will produce a more secure Internet. Some critics are concerned with the establishment of more government to handle cybersecurity initiatives, when the responsibility appears to fall under the role of the National Security Adviser. Others are concerned with the scope of powers granted to the federal government if the bill is signed into law as written. The presidential powers granted as part of the proposed legislation would be “a sweeping federal takeover of cybersecurity” responsibilities, said Ms. Harris.

By Mike Dailey, IT Architect and Sr. Network Engineer

Comments

Anyone else concerned about this? Bruce Van Nice  –  Apr 8, 2009 5:22 PM

Looks like the elephant’s trunk is nosing around the entrance to the Internet tent.
Does anyone really think once the government gets involved their “help” will stop with improving security?  For that matter does anyone really believe they can help with security?  How many of you security professionals are anxious to have the government control your lives (salary caps anyone!)? 

Next year we’ll get Internet taxes because it is only fair that since the government is securing the Internet that they find a way to pay for it.  Then there’ll be all kinds of special interest “initiatives” that will get imposed. 

The Internet is going to look radically different in 5 years if the government gets more involved.  Why would anyone want this to happen?
