Homeland Security May Still Be Able to Legally Monitor the Internet

Posted: Feb 18, 2012 4:05 PM

And you thought SOPA and PIPA were bad. Republican Senator John McCain is sounding the alarm about legislation that would allow the Department of Homeland Security to legally monitor websites. New legislation would allow for DHS to monitor the companies operating cyber security software for the government, while failing to actually monitor or stop cyber attacks from foreign enemies.

[At] A hearing on Thursday to discuss the bill in which Sen. John McCain (R-Arizona) sideswiped lawmakers behind the proposed legislation and announced that he, and seven other Senate ranking members, were opposed to the bill and would be introducing a competing bill in two weeks to address failings they see in the legislation.

McCain and his colleagues oppose the current bill on the grounds that it would give the Department of Homeland Security regulatory authority over private businesses that own and operate critical infrastructure systems and that it doesn’t grant the National Security Agency, a branch of the Defense Department, any authority to monitor networks in real-time to thwart cyberattacks.

The bill neglects to give authority “to the only institutions currently capable of [protecting the homeland], U.S. Cybercommand and the National Security Agency (NSA),” McCain said in a written statement presented at the hearing. “According to [General Keith Alexander, the Commander of U.S. Cybercommand and the Director of the NSA] in order to stop a cyber attack you have to see it in real time, and you have to have those authorities…. This legislation does nothing to address this significant concern and I question why we have yet to have a serious discussion about who is best suited to protect our country from this threat we all agree is very real and growing.”

McCain argues cyber security should be placed in the hands of the Defense Department, not DHS.

The Cybersecurity Act of 2012 (.pdf) requires the government to assess which sectors of critical infrastructure pose the greatest immediate risk and gives the Department of Homeland Security regulatory authority over the private companies that control designated critical infrastructure systems — such as telecommunications networks and electric grids and any other network “whose disruption from a cyber attack would cause mass death, evacuation, or major damage to the economy, national security, or daily life.”

The bill keeps the authority for critical infrastructure security oversight in the hands of DHS, a civilian agency, as opposed to McCain’s preference for the NSA, which protects the military’s networks and the government’s classified networks.