<div id="hn-headline"><a href="http://www.google.com/hostednews/ap/article/ALeqM5hV-xgH2vPkqRPKITGuPqbVclxFFgD9AVE6M03">http://www.google.com/hostednews/ap/article/ALeqM5hV-xgH2vPkqRPKITGuPqbVclxFFgD9AVE6M03</a><br><br>What's government's role in making the Web secure?</div>
<p class="hn-byline">By LOLITA C. BALDOR
(AP)
–
<span class="hn-date">12 hours ago</span></p>
<p>WASHINGTON — <b>There is no kill switch for the Internet, no secret on-off button in an Oval Office drawer.</b></p><p>Yet
when a Senate committee was exploring ways to secure computer networks,
a provision to give the president the power to shut down Internet
traffic to compromised Web sites in an emergency set off alarms.</p><p>Corporate leaders and privacy advocates quickly objected, saying the government must not seize control of the Internet.</p><p>Lawmakers
dropped it, but the debate rages on. How much control should federal
authorities have over the Web in a crisis? How much should be left to
the private sector? It does own and operate at least 80 percent of the
Internet and argues it can do a better job.</p><p>"We need to prepare
for that digital disaster," said Melissa Hathaway, the former White
House cybersecurity adviser. "We need a system to identify, isolate and
respond to cyberattacks at the speed of light."</p><p>So far at least
18 bills have been introduced as Congress works carefully to give
federal authorities the power to protect the country in the event of a
massive cyberattack. Lawmakers do not want to violate personal and
corporate privacy or squelching innovation. All involved acknowledge it
isn't going to be easy.</p><p>For most people, the Internet is a public
haven for free thought and enterprise. Over time it has become the
electronic control panel for much of the world's critical
infrastructure. Computer networks today hold government secrets,
military weapons specifications, sensitive corporate data, and vast
amounts of personal information.</p><p>Millions of times a day,
hackers, cybercriminals and mercenaries working for governments and
private entities are scanning those networks, looking to defraud,
disrupt or even destroy.</p><p>Just eight years ago, the government ordered planes from the sky in the hours after the Sept. 11 terrorist attacks.</p><p>Could or should the president have the same power over the Internet in a digital disaster?</p>
<p>If
hackers take over a nuclear plant's control system, should the
president order the computer networks shut down? If there's a terrorist
attack, should the government knock users off other computer networks
to ensure that critical systems stay online? And should the government
be able to dictate who companies can hire and what they must do to
secure the networks that affect Americans' daily life.</p><p>Government
officials say the U.S. must improve efforts to share information about
cyberthreats with private industry. They also want companies to ensure
they are using secure software and hiring qualified workers to run
critical systems.</p><p>Much like the creation of the Department of
Homeland Security, cybersecurity has attracted the interest of a number
of House and Senate committees, all hoping to get a piece of the
oversight power:</p><p>_Bills in the House Homeland Security Committee
bills would protect the electric grid and require the department to
secure its networks.</p><p>_The Senate Homeland Security and Government Reform Committee is writing legislation aimed largely at federal agencies.</p><p>_The
Senate Commerce, Science and Transportation Committee is working on a
bill that promotes public awareness and technical education, raises the
planned White House cyberadviser to a Cabinet-level position and calls
for professional cyberstandards. An early draft would have given the
president the power to shut down compromised federal or critical
networks in an emergency.</p><p>Bloggers howled that the government was
taking over the Internet. Business leaders protested, and Senate aides
reworked the bill. Early versions of the second draft are more vague,
giving the president only the authority to "direct the national
response" to a cyberthreat.</p><p>Committee spokeswoman Jena Longo said
the bill "will not empower a government shutdown or takeover of the
Internet and any suggestion otherwise is misleading and false."</p><p>She
said the president has the constitutional authority to protect the
American people and direct the response to a crisis — including
"securing our national cyberinfrastructure from attack."</p><p>Privacy advocates say the government has not proven it can do a better job securing networks than the private sector.</p><p>"The
government needs to get its own cybersecurity house in order first
before it tries to tell the private sector what to do," said Gregory T.
Nojeim, senior counsel for the Center for Democracy and Technology.</p><p>Nojeim
said the Senate Commerce Committee bill appears to leave "tough
questions to the president, and that isn't comforting because some
presidents will answer those questions in troubling ways."</p><p>U.S.
officials acknowledge that their networks are scanned or attacked
millions of times a day. Spies have breached the electrical grid. In
July, hackers simultaneously brought down several U.S. government Web
sites and sites in South Korea.</p><p>Home computers are targets, too.
A study by security software provider McAfee Inc. says as many as 4
million computers are newly infected each month and turned into
"botnets" — armies of computers used by someone without their owners'
knowledge. As many as 10 percent of the world's computers might be
unknowingly infected.</p><p>Shutting down a compromised system may
sound like a good idea, but "it's not like the Internet has an on-off
switch somewhere you can press," said Franck Journoud, manager of
information security policy for the Business Software Alliance.</p><p>Most
industries are federally regulated, so the government should work
within those systems to plan for disasters, said Journoud, whose group
has met with lawmakers and the White House on cyberpolicies.</p><p>Rather than setting minimum standards, business groups say the U.S. should endorse existing voluntary industry ones.</p><p>Cyberexperts
also argue that when hackers infiltrate a critical network, the
solution is not to shut down the system, but to isolate and filter out
the offending computer codes.</p><p>Private companies are willing and
able to protect their systems without government mandates, said Tom
Reilly, president of ArcSight, a cybersecurity software company. He
said the government should concentrate on protecting critical
infrastructure and data privacy, and promote education on cybersecurity.</p><p>"People
want to know if they are one of the 10 percent of the computers that
are infected," he said. "They just don't know what to do. Most people
just hope they're one of the other nine."</p>