Bill Could Give Homeland Security Power Over Tech Giants
Some members of Congress, concerned about shoddy cybersecurity at government and critical technology websites, are proposing that the Department of Homeland Security should have the power to force private networks to secure themselves more effectively.
But several cybersecurity experts say a broadly worded bill that has been referred to the House Committee on Homeland Security could impact many ordinary tech firms that merely play a role in infrastructure. If the bill becomes law, even firms like Apple, Microsoft and Google could come under DHS's thumb, says Michael Gregg, chief operating officer of the cybersecurity firm Superior Solutions.
"They are stepping forward to regulate a potentially huge amount of the Internet," Gregg told FoxNews.com. "It's up to DHS to decide who they want to fall under this umbrella. I have little doubt that large tech companies such as AT&T, Verizon, Microsoft, Google, Apple and Cisco could all find themselves being heavily regulated."
Representatives from those firms declined to comment on the pending regulations. But given DHS' record on security, Gregg said they should have reservations about granting the agency such sweeping oversight.
"Just consider the recent DHS / TSA body-scanner fiasco," he said. "The thought of DHS in charge of cybersecurity will strike fear in most U.S. tech companies."
The Homeland Security Cyber and Physical Infrastructure Protection Act of 2010 (HR 6423, proposed by Rep. Bennie G. Thompson, D-Miss.) would empower DHS to set security standards for the networks at various private facilities and would authorize penalties against any websites it deems to have lax security.
The bill would create a new department within Homeland Security, called the Office of Cybersecurity and Communications, and a new Cybersecurity Compliance Division that would measure and rate how effectively certain private companies respond to network security risks.
The bill's goal is to muscle better security onto .gov websites and critical infrastructure sites, including ports and power plants, to limit the country's vulnerability to cyber espionage, said Thompson.
"Cyber attacks, whether originated by other countries or sub-national groups, are a grave and growing threat to our government and the private sector. This bill provides new tools to DHS to confront them effectively and make certain that civil liberties are protected," Thompson said.
But the bill could end up regulating utilities and telecoms and a wide array of software firms, said Jeff Bardin, a chief security strategist and a cyberterror expert with XA Systems.
"Anything that critical infrastructures depend upon -- which is pretty much all information security companies, major and minor Internet hubs, the networks, database companies, software companies, etc." could fall under the umbrella of HR 6423, he told FoxNews.com. "It could run the gamut depending upon interpretation."
Josh Daymont, CEO of information security company Securisea, agrees that the bill is broad. But he said there would likely be different levels of regulations for different organizations -- and Microsoft or AT&T wouldn't be scrutinized in the same manner as a nuclear power plant.
"It wouldn't necessarily follow that those [tech] companies would be treated the same as a nuclear power plant or water company -- they might well have restrictions, but perhaps a less stringent set of rules than, say, a nuclear plant."
An aide for the House Committee on Homeland Security said the bill wasn't intended to be as broad as industry experts fear it may be -- and pointed out that there would be a medium for voicing concerns.
"In those cases where a company wants to challenge its designation, the bill calls for DHS to make a reconsideration process available," he added.
The committee aide noted that the private sector won't be included in the panel establishing the rules, however. "For the private sector regulations, the bill provides for an open regulatory process with notice and comment," he told FoxNews.com.
But Gregg argued that even with the help of the private sector, DHS isn't in the best position to offer cybersecurity advice.
"The real problem is that DHS and other government agencies don’t have a great record of protecting their own critical assets," he told FoxNews.com. "As recently as 2008, DHS did not have its own cyber crisis plan. Also in 2008, a DHS [internal phone system] was hacked using an attack vector that was at least 10 years old," Gregg said.
The power to regulate private networks comes from Homeland Security Presidential Directive 7, which was established in 2003 to identify and prioritize critical infrastructure and to protect it from terrorist attacks.
The regulation has been in use for a while, but it hasn't been used to enforce standards, Bardin told FoxNews.com.
"The new bill just takes it to the point that forces things to be done. Before it was a public-private relationship based upon cooperation and collaboration. Now it could be a forced march to compliance. Cooperation and collaboration only goes so far when it is not economically in a company's best interest to change a product or behavior," he said.
But the real concern lies in the breadth of the bill, Bardin agreed. Any technology company that sells to key infrastructures could potentially be regulated by it, said Bardin. He cited a laundry list of technology companies that could be affected, including Oracle, Symantec, EMC, Cisco, HP, Dell and others.
"Just some of the big boys, and the list is endless ..." he said.
My notes:
The Federal Dept. of Homeland Security - created by former President Bush after September 11th and implemented for the security of America after the Islamic terror attacks on our soil is NOW out of control and undermines the very freedoms the United States has enjoyed since the founding of our nation.
This report states that "some members of Congress" are concerned about Internet security - that is a lie! Homeland Security, under the Obama administration, is step by step, raping Americans of our values, freedoms, and morality. They are treating Americans as though we were the enemy and no surprise, since they cannot even define the enemy under the new rules of Obama i.e. remove all identification of Islamic terrorism and Jihad from government documents.
The fiasco at the airport terminals, with the invasive body checks and porno-style X-rays on Americans that prevent travel within our country, is like watching a slow-motion movie on how a once free nation slowly, but surely has its government rob the people of their Fourth Amendment rights.
The Internet, the last line of defense, for Americans to speak freely, is now under attack - by this same Federal department, under the guise of protecting us from outside attacks. Only a fool can continue to trust a government that has gone berserk! Insane!
Are we now living in China - a communist country that controls its people? It was reported within the last 24 hours, by Fox News, that a lady who "twittered" a message in China, disappeared and later, was found to be arrested by her Chinese government. It appears she needed to be reprogrammed to think more like the government - is that what America is becoming?
Six months ago, a report by Google tried to explain that websites are only monitored if the government requests it for "security" purposes; Israel, no stranger to terrorism, was listed as one of the lowest in "requests" to monitor a website, and America, at that time, had one of the highest lists of requests to monitor websites.
Imagine - America, the Big Daddy of all nations, spying on its citizens and determining what we should read, or where we should visit on the Web.
Islam still continues to attack the United States and its citizens; and yet, Islamic terrorism is not defined as the enemy in Homeland Security documents, per order of the Obama Administration. We have had health care rammed down our throats; body snatchers/inspectors at airports; and now, a bill that could possibly pass that would rob us of yet another freedom - freedom of speech.
Contact your representatives and inform them that Homeland Security has secured NOTHING except the American dream of life, liberty and happiness .... they have outlived their purpose, for they do not secure our freedom - they do the opposite, in robbing every single American citizen of its freedoms under our Constitution.
Bee Sting
PS - Worried about outside cyber attacks? For crying out loud, get yourself a decent security program for your computer! I think the only ones concerned about "attacks" are those scientists in Iran, struggling with that virus that has shut down their nuclear plants.
The government of the United States needs to begin protecting its own computers - not the computers of private American citizens, under the pretense of "homeland security"!
We gave you an inch, Big Government, and you took a mile!