Senators squared off with Obama administration officials Monday about plans to give the president emergency powers to protect vital U.S. electronic networks from attacks by hackers, cyberterrorists and foreign governments.
The Senate Homeland Security and Governmental Affairs Committee held a hearing on the administration’s legislative proposal, announced two weeks ago, that would rely on a pre-World War II radio emergency law to provide the president with authority to protect key computer and communication networks — like those mainly in private hands that run power grids, phone systems and banking services — from a cyber-attack.
“I must say this baffles me,” said Sen. Susan Collins, Maine Republican, of the administration’s plan to rely on the 1934 statute.
Ms. Collins accused administration officials of relying on “outmoded yet potentially sweeping authorities granted in the Communications Act of 1934” that gave the president the power to take over radio stations in a time of national emergency.
At issue is one of the more controversial elements of any new cybersecurity law — what powers the president should have over the Internet in the event of a catastrophic attack on vital U.S. assets.
“The country would be better off if we did create some new law regarding the authority of the president to act in these emergencies,” said Sen. Joe Lieberman, Connecticut independent and the committee chairman.
“Clearly, if something significant were to happen, the American people would expect us to be able to respond and respond appropriately,” said Phillip Reitinger, Homeland Security undersecretary for infrastructure protection, during the hearing.
Experts say that in the event of a major cyber-attack, authorities might have only a short time to respond and might need to temporarily divert some Internet traffic or take it off-line.
Mr. Reitinger agreed with Ms. Collins that the powers in the 1934 law “were not designed with the current environment that we have in mind.” Nonetheless, he insisted, “There are authorities there.”
The emergency powers question is one in a series of issues, along with the complicated jigsaw of agency authorities and congressional oversight responsibilities, that have for more than two years frustrated congressional efforts to pass a new comprehensive cybersecurity law.
The White House on May 12 proposed legislation in an effort to break the logjam of more than 50 draft laws circulating on Capitol Hill.
One of those proposals became notorious — unfairly, its authors insist — for supposedly creating a “kill switch” that the president could use in an emergency to shut down the Internet to protect vital networks from attack.
In fact, Ms. Collins told the hearing, the committee’s draft law “carefully constrain* and define* exactly what authority the president would have.”
By contrast, she said, the legal basis the administration claimed for the president’s power was “far broader.”
“Different people have different views about how the government ought to be empowered and what the constraints on the government exercise of authorities ought to be,” responded Mr. Reitinger, adding he hoped “there would be further discussions” with Congress “to figure out the right set of mechanisms, if any, that were necessary to move forward.”
Ms. Collins also criticized administration plans to make security assessments of the nation’s most vital computer networks public, an effort at shaming the private sector companies that own them into providing better defense against attacks.
“I’m really surprised that you want that to be public,” she said.