According to a report by CNET’s Declan McCullagh, a draft bill in the U.S. Senate would grant President Obama “cybersecurity emergency powers” to disconnect and even seize control of private sector computers on the Internet.
Back in May, when Obama proposed a “cybersecurity czar with a broad mandate” and the administration issued a report outlining potential vulnerabilities in the government’s information security policies, I cautioned about the constant temptation by politicians in both parties to expand government authority over “critical’ private networks.” From American telecommunications to the power grid, virtually anything networked to some other computer would potentially be fair game for Obama to exercise “emergency powers.”
Policy makers should be suspicious of proposals to collectivize and centralize cybersecurity risk management, especially in frontier industries like information technology. When government asserts authority over security technologies, it hinders the evolution of more robust information security practices and creates barriers to non-political solutions—both mundane and catastrophic. The result is that we become less secure, not more secure.
Instead, the Obama Administration should limit its focus to securing government networks and keeping government agencies on the cutting edge of communications technology. As today’s news illustrates, the dangers created by such a broad mandate may come to pass.