The cyber security Act of 2009 (S. 773) contains various strategies that are aimed at enhancing cyber security. However, the bill contains several contentious provisions that give the president and the secretary of commerce excessive power on matters to do with important Information Systems owned by the private sector.
These powers threaten to undermine civil liberties and possibilities of innovation (Gregory, 2009, p. 2).
In this bill, the policies relating to government systems differ from those relating to private systems in that they are more prescriptive in addressing government systems but fail to draw clear distinctions between elements of free speech and silence in private communication infrastructure.
Image of Cyber security (Spinello, 2010)
The Cyber security Act of 2009, known formally as Senate Bill 773, is best known for its radical recommendation to give the president authority to shut down parts of the Internet under cyber attack.
The Rockefeller-Snow legislation (S. 773) came at a time when cyber security threats were on the rise and needed proper strategies to counteract these threats (Spinello, 2010). However, up to date the government has not adequately addressed these threats and has failed to secure vital resources and infrastructure (Asbell, Bryer, and Lebson, 2011).
Analysis of Section 18
Sections 18(2) and 18(6) form the most contentious provisions in the bill. They give power to the president to limit or shut down internet traffic to government systems and vital information systems as well as networks owned by the private sector in case of an emergency. Section 18(2) further gives power to the president to determine what constitutes an emergency and does not specify time limits for a shut down (Kumar, 2009, p. 49).
In section 18(6), the president has further powers to order a shut down on any vital information system belonging to the federal government even without an emergency, But by using the term national security (Singh, 2010). This has solicited mixed reactions as to how the president could abuse the term ‘National security’ to achieve political and economic interests.
Many people argue that, excessive power of the president over privately owned systems could result to negative consequences that would affect the economy and various critical infrastructures. Shutting down internet traffic, could result in loss of billions of dollars that could otherwise contribute positively to the economy (Kruger, 2010, p. 5).
Analysis of Section 14
Many people agree that sharing information could contribute immensely in adopting cyber security strategies. However, the S. 773 undermines the role of the U.S. CERT, which has a responsibility of ensuring information sharing. It also ignores the ISACSs that represent public private partnerships (Baase, 2008, p.13).
Section 14 of this bill mandates the department of commerce to ensure the sharing of vulnerability information with the private sector. This section threatens to undermine privacy laws and laws that protect trade secrets. The Bill also does not place a limit as to how much information can be accessible to the department of commerce (Baase, 2008, p.13).
Analysis of Section 6 and 7
This section gives the National Institute of Standards the mandate to specify a standard software configuration for all the public and private agencies. This body also controls the standard configuration for security settings on operating systems and software utilities.
It requires all software built by or for private agencies to comply with the standards set by it. This body also ensures compliance by software developers, vendors, and distributors (Kizza, 2010, p. 10).
The establishment of standards for software systems in both government and private agencies would increase vulnerability of these systems since vulnerability in the standardized system will end up affecting many entities and the numerous steps of testing software for compliance could slow the distribution of software designed to ensure cyber security (Kizza, 2010, p.10).
Section 7.a of the bill is short on details about the licensing requirement for the public sector, other than to say it would be administered by the Secretary of Commerce. It also isn’t clear on whether it would be mandatory for cyber security professionals other than those working for the federal government.
Analysis of Section 8 and 9
These sections encourage the Internet Corporation for Assigned Names (ICANN) to promote cyber security. The ICANN manages the internet’s Domain Name System (DNS). It enables communication across the internet and ensures efficient navigation of networks (Palmer, 2010, p. 230).
ICANN plays an important role and ought to remain autonomous without any interference from the government. The S. 773 seems to send a wrong message to other governments with less respect for civil liberties.
The ICANN operates on a global platform and if the U.S interferes with its operation, then other foreign governments would definitely accuse the congress for pursuing its own self-interest. Sections 8 and 9 of this bill would contribute to international control of the ICANN.
Section 8 supports the review of the ICANN by the cyber security panel developed in the bill. These issues would raise conflict of interests’ issues among different global governments (Palmer, 2010, p.230).
Analysis of Sections 15, 10, 12 and 3
These sections promote a market-based approach to cyber security over government. Section 15 recommends a study within a period of one year for the feasibility of developing a market for cyber security risk management (Koch, 2005, p. 272). This approach would lead to increased levels of security in various industries without imposing government interference that that threaten security and liberty.
Section 10 proposes an authorization of cyber security awareness campaigns to educate the public. While section 12, authorize cyber scholarships that aim at training IT experts and security managers. This would contribute to enormous benefits to both the government and private stakeholders by ensuring a cyber security strategy that serves the interests of all.
Asbell, M. D., Bryer, L. G., and Lebson, S.J. (2011). Intellectual property strategies for 21st century corporations. Hoboken, NJ: John Wiley & Sons.
Baase, S. (2008). A Gift of Fire: Social, Legal, and Ethical Issues for Computing and the Internet. New York, NY: Prentice Hall.
Gregory, T. N. (2009). Analysis of S. 773, Cybersecurity Act of 2009. Sudbury, MA: Jones & Bartlett Publishers.
Kizza, J. M. (2010). Ethical and social issues in the information age. New York, NY: Springer publishers.
Koch, S. (2005). Free/Open Source Software Development. Hershey, PA: Idea Group Inc (IGI).
Kruger, L. G. (2010). Internet Domain Names: Background and Policy Issues. Darby, PA: DIANE publishing.
Palmer, D. E. (2010). Ethical issues in E business models and frame works. Hershey, PA: Idea group Inc.
Singh, Y. (2010). Cyber laws. Delhi, India: Universal Law Publishing.
Spinello, R. (2010). Cyberethics: Morality and Law in Cyberspace. Sudbury, MA: Jones & Bartlett Publishers.