Senate Commerce Chairman John (Jay) Rockefeller is aiming for a July committee vote on sweeping cybersecurity legislation he introduced in April with Sen. Olympia Snowe, R-Maine, a senior Rockefeller aide said today.
Before the markup, the bill could see significant changes and an additional hearing, according to Rockefeller chief of staff Ellen Doneski. Cybersecurity experts brought up some concerns on how to bolster national defenses against high-tech attacks at a hearing before the bill was introduced and before the White House unveiled its blueprint for a cybersecurity strategy.
One of the bill's most controversial provisions, which high-tech policy watchers say would give the president the power to effectively shut off the Internet during a cyber crisis, is imperfect and needs to be changed, Doneski said.
The bill text states the president "may declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised federal government or United States critical infrastructure information system or network."
She said drafters did not envision an "on-off switch" that the president could flip in the event of an emergency. Rather, the intent was to provide clear lines of authority to avoid the kind of mass confusion that erupted after 2005's Hurricane Katrina and the Sept. 11, 2001, terrorist attacks, Doneski said.
Rockefeller's team has been meeting with government and industry stakeholders to fine-tune the bill so it will be more warmly received when it goes before the committee, she added. She made her remarks at an event at Google's Washington office.
When asked about the provision, Obama administration officials at the event declined to comment. Philip Reitinger, director of the Homeland Security Department National Cybersecurity Center, and Richard Hale, the Defense Information Systems Agency's chief of information assurance, instead stressed the importance of public-private partnerships.
"If something bad happens, the last thing someone in the private sector is going to do is reach for the 300-page government binder," Reitinger said. Articulating an incident response plan on the heels of the White House's 60-day cybersecurity review is crucial, he added.
Under Rockefeller's bill, the White House would be required to create an Office of the National Cybersecurity Adviser within the Executive Office of the President as well as an advisory panel of experts from industry, academia and nonprofits.
Last month, Obama pledged to personally select a cyber czar who would report to the National Security Council and National Economic Council, but the position remains vacant.
Rockefeller's bill would have the Commerce Department devise a real-time IT monitoring program and require cyber standards for all federal agencies, contractors and grantees.