I urge everyone in the IT community to download and read S.773 - The Cybersecurity Act of 2009. This bill contains a number of troubling provisions beyond the most obvious one, which is Presidential ability to control the Internet by preventing its use when he deems it necessary to do so. It would require the President to establish a Cybersecurity Advisory Panel without requiring any approval of the members of such panel by Congress. It also requires the Secretary of Commerce to assist the panel with the creation of Regional Cybersecurity Centers that must be affiliated with a non-profit organization or consortium, funded by the panel. Per my reading of the bill, all of this is to be done by people who have not been vetted or approved by Congress in any way. It places all of that power in the hands of the President and certainly creates an opportunity to politicize the entire process.
Within one year, the Secretary of Commerce must develop a national licensing, certification and recertification program for cybersecurity professionals. Beginning three years after the bill is passed, "it shall be unlawful for any individual to engage in business in the United States, or to be employed in the United States, as a provider of cybersecurity services to any Federal agency or an information system or network designated by the President, or the President's designee, as a critical infrastructure information system or network, who is not licensed and certified under the program." Ask yourselves, please, who gets to define what is or isn't a critical infrastructure information system or network. That's correct. It's the President (or his designee).
But wait ... there's more. Within one year after the bill is passed, the President (or his designee) gets to tell Congress if he wants to require cybersecurity to be a factor in all bond ratings (presumably only for private-sector companies and not federal bonds).
Here's where it really gets good. "The term 'cyber' means - (A) any process, program, or protocol relating to the use of the Internet or an intranet, automatic data processing or transmission, or telecommunication via the Internet or an intranet; and (B) any matter relating to, or involving the use of, computers or computer networks." Let's see if they left any possible use of computers out of that definition. Nope, they even seem to have VOIP covered. The President can control every computer in the country under that definition, irrespective of whether or not it is part of critical security infrastructure.
The point here is that this bill is seemingly titled to make people think that it is a well-intended way to protect our country. When you dig deeper into the bill it clearly spells out command and control of potentially every computer in the country by ... the President. Forget about the person who is in office now. This is a dangerous consolidation of power in the hands of whoever is in the office of President. Read the bill and decide for yourself if this is the path the United States should continue going down - consolidating more and more power in the hands of one man (or woman). Then make your feelings known to your U.S. senators ASAP.