No Internet Kill Switch is No Guarantee

Updated: June 14, 2010

Protecting Cyberspace as a National Asset Act of 2010 (PDF document) is sponsored by Sens. Joseph Lieberman (I-Conn.), Susan Collins (R-Maine) and Tom Carper (D-Del.), and will shift the responsibility of federal agency cybersecurity from the Office of Management and Budget (OMB) to the Department of Homeland Security (DHS) by creating a new office called the National Center for Cybersecurity and Communications (NCCC), as outlined in a draft obtained by Federal News Radio.

The bill will also create a White House Office of Cyberspace Policy, which will be headed by a director level position requiring Congressional confirmation.

Previously, proposed legislation had included language that would give the President authority to effectively throw a "kill switch" which would limit civilian access to the internet during a national cybersecurity related event in a effort to preserve critical communications and infrastructure functionality.

Though the contested language has been removed from more recent versions, it still clearly gives the executive branch ultimate authority over who, what, where, when and why the internet is used during a national crisis.

As stated in the FNR article, "the bill also gives the President the ability to declare a national cyber emergency if attacks on specific types of critical infrastructure would cause a national or regional disaster. The President would have to notify Congress of the emergency, why the existing security measures are deficient and what new things must be done to secure the networks. The President would then require the director of the NCCC to issue emergency measures that would last only 30 days."

The article goes on to say that "this would be used only in the most extreme circumstances and DHS or the White House would not be able to shut down private sector networks."

This strikes me as merely a semantic win for the private sector that in reality means very little with regard to the ability to effectively design and implement disaster recovery and business continuity strategies.

So private networks will not be "shut down," but does that guarantee there will be available bandwidth?

The explosive growth in virtualization, remote access, and telecommuting has already had a major impact on the development of enterprise business continuity plans, as witnessed during the H1N1 "swine flu" threat, and the majority of organizations simply plan to have employees stay home and work remotely when possible.

Given the nature of the proposed legislation, it seems that business continuity plans based on unfettered access to the internet and other communication technologies are not only short-sighted, but more or less nullified.

My own estimation is that we will likely see something akin to the "rolling brownouts" employed when electricity demand exceeds the grids ability to deliver enough power.

An "Internet Brownout" will not shut down private access to the web, but it might make your high speed broadband connection look like dial-up service from the early 1990s - not pretty.

Combine this lack of access to sufficient bandwidth with a dramatic increase in the number of users trying to reach their corporate networks, and the result will effectively be no different than if the "kill switch" mechanism were in place.

Related Categories
Featured Research
  • Securing Enterprise Information Technology

    In the 1980s and 1990s, business applications and data were largely confined within and protected by a Local Area Network (LAN). The 2000s introduced a significant change. Download this white paper now to learn why the shift to the cloud is changing how companies think about and manage their IT infrastructure. more

  • Office365 Adoption eGuide

    Microsoft moved to the cloud in 2014, and, as a result, Office 365 is taking off. Now, Okta customers are connecting to Office 365 in increasing numbers. This eGuide explains why IT departments should plan and deploy solutions around identity and mobility management in concert with their Office 365 roll out to get maximum user adoption. more

  • Okta Directory Integration

    For most companies, Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) play a central role in coordinating identity and access management policies. When on-premise applications are integrated to Active Directory or LDAP, users get the best possible experience. That's why Okta's cloud-based identity and access management service provides a highly useful single integration point. more

  • Top 8 Identity and Access Management Challenges with Your SaaS Applications

    With more and more businesses adopting Software-as-a-Service (SaaS) applications, enterprise IT is fundamentally changing. This whitepaper presents the eight biggest Identity and Access Management (IAM) challenges associated with adopting and deploying cloud and SaaS applications, and discusses best practices for addressing each of them. more

  • Better BYOD with Pulse Secure and MDM Partners

    Learn how Pulse Secure and leading MDM product partners are transforming the way employees and IT benefit from the productivity and flexibility of BYOD — without compromising security or increasing management complexity. more