US Senator Lieberman Submits Bill for Internet 'Kill Switch'

ajtr

Tihar Jail
Banned
Joined
Oct 2, 2009
Messages
12,038
Likes
723
There goes freedom of speech into water.

Does the Internet Need a 'Kill Switch'?

By: MEGAN GIBSON
Topics: INTERNET, U.S., KILL SWITCH

MATTHEW CAVANAUGH/epa/Corbis

A proposed bill could effectively give the president an Internet "kill switch."

Senator Joseph Lieberman has proposed the Protecting Cyberspace as a National Asset Act (PCNAA), a bill that would give the president the power to control or even shut down the Internet in emergency situations. Citing the need for cybersecurity, Lieberman said in a press release that the U.S.'s "economic security, national security and public safety are now all at risk from new kinds of enemies — cyber-warriors, cyber-spies, cyber-terrorists and cyber-criminals."

The bill requires that U.S.-based companies such as Google and Yahoo, as well as broadband providers and software firms, comply with any and all measures that the government sees fit in an emergency.

Technology trade association, TechAmerica, has already expressed worry at the level of control the bill would grant the president if passed — levels that could have "unintended consequences." Other countries are also decrying the bill, fearing the impact on their own security if the U.S. were to shut down essential parts of the Internet. (via CNET)



Read more: http://newsfeed.time.com/2010/06/18/does-the-internet-need-a-kill-switch/#ixzz0rJkNB2pB
 

Oracle

New Member
Joined
Mar 31, 2010
Messages
8,120
Likes
1,566
US already controls the root servers of WWW, but in times of attack I guess that would require physically cutting cables, so the need for a kill switch. This is a good initiative.
 

Armand2REP

CHINI EXPERT
Senior Member
Joined
Dec 17, 2009
Messages
13,811
Likes
6,734
Country flag
Instead of making a kill switch, I would make a switch that would effectively cut off outside attack by making a national intranet.
 

Oracle

New Member
Joined
Mar 31, 2010
Messages
8,120
Likes
1,566
Not feasible in this age of Globalization. Plus you actually would need Internet to communicate with those drones or high end military equipments in Afghanistan and Iraq, if I am not wrong. Intranet can't suffice to this distance.
 

Armand2REP

CHINI EXPERT
Senior Member
Joined
Dec 17, 2009
Messages
13,811
Likes
6,734
Country flag
Not feasible in this age of Globalization. Plus you actually would need Internet to communicate with those drones or high end military equipments in Afghanistan and Iraq, if I am not wrong. Intranet can't suffice to this distance.
The US military already has their own intranets, one for each service. The USN/USMC use NMCI by EDSC and USAF uses Cisco... forget what US Army uses. I am saying make a civilian version of it in times of crisis so they all don't lose internet access.
 

AirforcePilot

Professional
Joined
Oct 17, 2009
Messages
194
Likes
70
New Bill Would Create Office of Cyber Policy in White House to Protect Nation from Cyber Terrorism

Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, ID-Conn., Ranking Member Susan Collins, R-Me., and Federal Financial Management Subcommittee Chairman Tom Carper, D-De., on June 10th introduced comprehensive legislation to modernize, strengthen, and coordinate the security of federal civilian and select private sector critical infrastructure cyber networks.

The Protecting Cyberspace as a National Asset Act of 2010, S.3480, would create an Office of Cyber Policy in the White House with a director accountable to the public who would lead all federal cyberspace efforts and devise national cyberspace strategy.

A National Center for Cybersecurity and Communications within the Department of Homeland Security, also led by a director accountable to the public, would enforce cybersecurity policies throughout the government and the private sector. The bill would also establish a public/private partnership to set national cyber security priorities and improve national cyber security defenses.

The Committee will hold a hearing on the legislation June 15, 2010.

"The Internet may have started out as a communications oddity some 40 years ago but it is now a necessity of modern life, and sadly one that is under constant attack," said Lieberman. "It must be secured, – and today, Senators Collins, Carper, and I have introduced a bill which we believe will do just that. The Protecting Cyberspace as a National Asset Act of 2010 is designed to bring together the disjointed efforts of multiple federal agencies and departments to prevent cyber theft, intrusions, and attacks across the federal government and the private sector. The bill would establish a clear organizational structure to lead federal efforts in safeguarding cyber networks. And it would build a public/private partnership to increase the preparedness and resiliency of those private critical infrastructure cyber networks upon which our way of life depends.

"For all of its 'user-friendly' allure, the Internet can also be a dangerous place with electronic pipelines that run directly into everything from our personal bank accounts to key infrastructure to government and industrial secrets. Our economic security, national security and public safety are now all at risk from new kinds of enemies -- cyber-warriors, cyber-spies, cyber-terrorists and cyber-criminals.

"The need for this legislation is obvious and urgent."

Collins said: "As our national and global economies become ever more intertwined, cyber terrorists have greater potential to attack high-value targets. From anywhere in the world, they could disrupt telecommunications systems, shut down electric power grids, and freeze financial markets. With sufficient know-how, they could cause billions of dollars in damage and put thousands of lives in jeopardy. We cannot afford to wait for a "cyber 9/11" before our government finally realizes the importance of protecting our digital resources, limiting our vulnerabilities, and mitigating the consequences of penetrations of our networks.

"Yet, for too long, our approach to cyber security has been disjointed and uncoordinated. Our vital legislation would fortify the government's efforts to safeguard America's cyber networks from attack. This bill would build a public/private partnership to promote national cyber security priorities and help prevent and respond to cyber attacks."

Carper said: "Over the past few decades, our society has become increasingly dependent on the internet, including our military, government, and businesses of all kinds. While we have reaped enormous benefits from this powerful technology, unfortunately our enemies have identified cyber space as an ideal 21st century battlefield. We have to take steps now to modernize our approach to protecting this valuable, but vulnerable, resource. This legislation is a vital tool that America needs to better protect cyber space. It encourages the government and the private sector to work together to address this growing threat and provides the tools and resources for America to be successful in this critical effort."

Key elements of the legislation include:

1. Creation of an Office of Cyberspace Policy in the Executive Office of the President run by a Senate-confirmed Director, who will advise the President on all cybersecurity matters. The Director will lead and harmonize federal efforts to secure cyberspace and will develop a national strategy that incorporates all elements of cyberspace policy, including military, law enforcement, intelligence, and diplomatic. The Director will oversee all related federal cyberspace activities to ensure efficiency and coordination.

2. Creation of a National Center for Cybersecurity and Communications (NCCC) at the Department of Homeland Security (DHS) to elevate and strengthen the Department's cyber security capabilities and authorities. The Director will regularly advise the President on efforts to secure federal networks. The NCCC will be led by a Senate-confirmed Director, who will report to the Secretary. The NCCC will include the United States Computer Emergency Response Team (US-CERT), and will lead federal efforts to protect public and private sector cyber and communications networks.

3. Updates the Federal Information Security Management Act (FISMA) to modernize federal agencies practices of protecting their internal networks and systems. With strong leadership from DHS, these reforms will allow agencies to move away from the system of after-the-fact paperwork compliance to real-time monitoring to secure critical systems.

4. Requiring the NCCC to work with the private sector to establish risk-based security requirements that strengthen cyber security for the nation's most critical infrastructure that, if disrupted, would result in a national or regional catastrophe.

5. Requiring covered critical infrastructure to report significant breaches to the NCCC to ensure the federal government has a complete picture of the security of these sensitive networks. The NCCC must share information, including threat analysis, with owners and operators regarding risks to their networks. The Act will provide specified liability protections to owners/operators that comply with the new risk-based security requirements.Creation of a responsible framework, developed in coordination with the private sector, for the President to authorize emergency measures to protect the nation's most critical infrastructure if a cyber vulnerability is being exploited or is about to be exploited.

The President must notify Congress in advance before exercising these emergency powers. Any emergency measures imposed must be the least disruptive necessary to respond to the threat and will expire after 30 days unless the President extends them. The bill authorizes no new surveillance authorities and does not authorize the government to "take over" private networks.

6. Development of a comprehensive supply chain risk management strategy to address risks and threats to the information technology products and services the federal government relies upon. This strategy will allow agencies to make informed decisions when purchasing IT products and services.

7. Requiring the Office of Personnel Management to reform the way cyber security personnel are recruited, hired, and trained to ensure that the federal government has the talent necessary to lead the national cyber security effort and protect its own networks.

Among the bill's supporters are: anti-virus software companies McAfee and Symantec; Karen Evans, former Administrator for E-Government and IT, Office of Management and Budget; Stewart Baker, former Assistant Secretary for Policy at DHS; the Intelligence and National Security Alliance; the Professional Services Council; and the Coalition for Government Procurement.
http://beforeitsnews.com/news/77/022/New_Bill_Would_Create_Office_of_Cyber_Policy_in_White_House_to_Protect_Nation_from_Cyber_Terrorism.html
 

AkhandBharat

Regular Member
Joined
Aug 7, 2009
Messages
542
Likes
79
Collins said: "As our national and global economies become ever more intertwined, cyber terrorists have greater potential to attack high-value targets. From anywhere in the world, they could disrupt telecommunications systems, shut down electric power grids, and freeze financial markets. With sufficient know-how, they could cause billions of dollars in damage and put thousands of lives in jeopardy. We cannot afford to wait for a "cyber 9/11" before our government finally realizes the importance of protecting our digital resources, limiting our vulnerabilities, and mitigating the consequences of penetrations of our networks.
nnnnnnnnnnnnnnnnnnnn
 
Joined
Feb 16, 2009
Messages
29,797
Likes
48,276
Country flag
They will use this bill to turn of the internet on days the stock market is selling off big;to prevent people from accessing their online accounts.
 

AkhandBharat

Regular Member
Joined
Aug 7, 2009
Messages
542
Likes
79
Instead of making a kill switch, I would make a switch that would effectively cut off outside attack by making a national intranet.
Its called an extranet, which hosts sensitive data. Most militaries and corporations around the world have it.
 

AkhandBharat

Regular Member
Joined
Aug 7, 2009
Messages
542
Likes
79
The US military already has their own intranets, one for each service. The USN/USMC use NMCI by EDSC and USAF uses Cisco... forget what US Army uses. I am saying make a civilian version of it in times of crisis so they all don't lose internet access.
A kill switch that works only one way? Wow! This would truly revolutionary. I haven't seen a machine having an IP address that is only a data sink. The only solution is to have a nationwide firewall and turn it on during crisis. But thats nothing new. China already has it.
 

AkhandBharat

Regular Member
Joined
Aug 7, 2009
Messages
542
Likes
79
They will use this bill to turn of the internet on days the stock market is selling off big;to prevent people from accessing their online accounts.
LF, they can stop trading altogether if they deem it so necessary! Because online trading is measly compared to trading in the market actual.
 
Joined
Feb 16, 2009
Messages
29,797
Likes
48,276
Country flag
LF, they can stop trading altogether if they deem it so necessary! Because online trading is measly compared to trading in the market actual.
They can stop it for the retail traders most of the institutions will still trade, if institutions want to get out at a better price they can still play games with this concept.
 

Armand2REP

CHINI EXPERT
Senior Member
Joined
Dec 17, 2009
Messages
13,811
Likes
6,734
Country flag
Its called an extranet, which hosts sensitive data. Most militaries and corporations around the world have it.
No, it is called intranet. An extranet uses the internet and is able to be hacked from outside. Once they crack the AAA protocal, they have open access. An intranet is more secure and what would be nice to see is a system of public information and data exchange that cannot be hacked from the outside. Instead of turning off the internet, they could have a government emergency intranet that would still allow citizens access to information and allow companies to carry out their business. The US military already uses an intranet to carry out its secure functions. The military extranet is hacked all the time and does not contain its sensitive information.
 

AkhandBharat

Regular Member
Joined
Aug 7, 2009
Messages
542
Likes
79
No, it is called intranet. An extranet uses the internet and is able to be hacked from outside. Once they crack the AAA protocal, they have open access. The US military already uses an intranet to carry out its secure functions. An intranet is more secure and what would be nice to see is a system of public information and data exchange that cannot be hacked from the outside. The military extranet is hacked all the time and does not contain its sensitive information.
Military organizations have sensitive data on their extranet, simply because each military subgroup has their own intranet and they need to be able to share information. That is the reason why there is a lot of hullaboo whenever defence networks are hacked.

Instead of turning off the internet, they could have a government emergency intranet that would still allow citizens access to information and allow companies to carry out their business.
Firewall. Nothing new. Already implemented and is not what this bill is about. This bill requires corporations, financial institutions, government organizations to deny access to their servers (from internet access around the world) when the US government deems it necessary. This is good for government organizations, but devastating for corporations and financial institutions. How is the government going to compensate for lost business? This bill isn't going anywhere.
 

Armand2REP

CHINI EXPERT
Senior Member
Joined
Dec 17, 2009
Messages
13,811
Likes
6,734
Country flag
Military organizations have sensitive data on their extranet, simply because each military subgroup has their own intranet and they need to be able to share information. That is the reason why there is a lot of hullaboo whenever defence networks are hacked.
Military intranets do not have gateways so they are not extranets. When services communicate they do it through the DoD intranet, not from their own network unless the person they are working with needs to be on that intranet. The extranet the US military uses is full of support sites like TRICARE, pension disbursment and general unclassified information. It is for the families of those in service, not for people on duty. Contractors who need to be on the intranets are cleared for access.
Firewall. Nothing new. Already implemented and is not what this bill is about. This bill requires corporations, financial institutions, government organizations to deny access to their servers (from internet access around the world) when the US government deems it necessary. This is good for government organizations, but devastating for corporations and financial institutions. How is the government going to compensate for lost business? This bill isn't going anywhere.
It isn't a firewall being discussed, it is the authority of the US government to make any US corporation or government entity cease providing internet access. That includes ISPs and search engines. It would make them go offline.
 

AkhandBharat

Regular Member
Joined
Aug 7, 2009
Messages
542
Likes
79
Military intranets do not have gateways so they are not extranets. When services communicate they do it through the DoD intranet, not from their own network unless the person they are working with needs to be on that intranet. The extranet the US military uses is full of support sites like TRICARE, pension disbursment and general unclassified information. It is for the families of those in service, not for people on duty. Contractors who need to be on the intranets are cleared for access.
Military organizations have both an intranet and an extranet. Any part of the network that is mapped onto the internet with Authentication enabled is called an extranet. And extranets do have sensitive information, like I said as evident from the information on JSF obtained from the extranet.

It isn't a firewall being discussed, it is the authority of the US government to make any US corporation or government entity cease providing internet access. That includes ISPs and search engines. It would make them go offline.
I know what is being discussed. What you're proposing here:

Instead of turning off the internet, they could have a government emergency intranet that would still allow citizens access to information and allow companies to carry out their business.
is a firewall.

Like I said, most B2C US corporations and financial institutions will suffer immense losses and its not clear, how the US government is supposed to 'compensate' them, considering they are about to go broke themselves. So, I don't think this bill would go anywhere. ISPs don't stand to loose much, so they are happy about the bill and ofcourse, McAfee and Symantec are happy to help the US government. It is also evident that the implementation of the 'kill-switch' is actually a directive to these business to suspend operations immediately when the US govt deems it necessary and is not fool-proof because it depends on the co-operation of the businesses involved.
 

Armand2REP

CHINI EXPERT
Senior Member
Joined
Dec 17, 2009
Messages
13,811
Likes
6,734
Country flag
Military organizations have both an intranet and an extranet. Any part of the network that is mapped onto the internet with Authentication enabled is called an extranet. And extranets do have sensitive information, like I said as evident from the information on JSF obtained from the extranet.
They have both, but the intranet deals with sensitive data. The F-35 attack was denied by both Lockheed and the Pentagon.

I know what is being discussed. What you're proposing here:

is a firewall.
No, I am not proposing a firewall. I am proposing state administered terminals that can only be accessed using smart cards. During times of crisis people will still be able to use basic internet services that would be hosted by the government. These terminals could be located in libraries and they would have limited content like news media, e-mail, and government authenticated sites. Banks, power plants, airports could use it and not be threatened from foreign attacks. People could still conduct business but it would be under the eyes of the state and it would be uncrackable from outside the country. They would have to physically be at a terminal that is being monitored electronically and visually. It would be far more controlled than China's Great Firewall. It would be off the WWW.

Like I said, most B2C US corporations and financial institutions will suffer immense losses and its not clear, how the US government is supposed to 'compensate' them, considering they are about to go broke themselves. So, I don't think this bill would go anywhere. ISPs don't stand to loose much, so they are happy about the bill and ofcourse, McAfee and Symantec are happy to help the US government. It is also evident that the implementation of the 'kill-switch' is actually a directive to these business to suspend operations immediately when the US govt deems it necessary and is not fool-proof because it depends on the co-operation of the businesses involved.
As I said, they are not talking about a firewall but shutting them down.
 

AkhandBharat

Regular Member
Joined
Aug 7, 2009
Messages
542
Likes
79
They have both, but the intranet deals with sensitive data. The F-35 attack was denied by both Lockheed and the Pentagon.
Extranets too have sensitive data. Lockheed denied to comment, but US govt officials have accused China openly.

No, I am not proposing a firewall. I am proposing state administered terminals that can only be accessed using smart cards. During times of crisis people will still be able to use basic internet services that would be hosted by the government. These terminals could be located in libraries and they would have limited content like news media, e-mail, and government authenticated sites. Banks, power plants, airports could use it and not be threatened from foreign attacks. People could still conduct business but it would be under the eyes of the state and it would be uncrackable from outside the country. They would have to physically be at a terminal that is being monitored electronically and visually. It would be far more controlled than China's Great Firewall. It would be off the WWW.
Are you telling me that in the event of a cyber war, all services live on the internet will automatically be switched to an intranet? How will that be done, magically? Limited government services could be offered through extranet access to the public with smart-cards, but what happens to private corporations who will suffer huge losses? How will their losses of billions be compensated by a broke federal government? That would be essentially a financial suicide or self-stabbing! Not to mention any bill that incorporates this will face substantial resistance from businesses and will not pass. I don't know if you've been to the United States or not, but if you have noticed how much China's firewall is ridiculed in this country, you would dare not include anything like this in a bill or your political career would end before you could say "Wait..what?"
 
Last edited:

Latest Replies

Global Defence

New threads

Articles

Top