The Internet kill switch: still a bad idea
With US politicians dithering over the prospect of potential cyber-attacks from China and elsewhere (but mostly China), independent Senator Joseph Lieberman has proposed a solution: a bill that would grant the US President unlimited power to shut down part or all of the Internet in the case of a cyberattack.
The “Internet kill switch” at the core of the so-called Protecting Cyberspace as a National Asset Act (PCNAA) isn’t a new idea – the same idea was pitched over a year ago in another bill, the Cybersecurity Act of 2009, co-sponsored by Sen. John Rockefeller (D-WV) and Sen. Olympia Snowe (R-ME).
However, the kill-switch provision was eventually dropped from the 2009 bill for a rather good reason: it was a silly and useless idea.
It’s no less silly and useless now.
Forget the paranoid nonsense about the Internet kill switch giving Obama the ability to shut down news sites and bloggers – an Internet kill switch is technologically implausible to begin with.
Even if you could devise a kill switch mechanism of some kind, it’s not likely to thwart a hacker attack, especially one designed with a kill switch in mind. And if the attack is that unsophisticated, odds are it could be prevented, or at least minimized, by keeping security patches up to date.
(On a side note, the Australian government is actually considering a proposal that would require users to keep their anti-virus and firewall software updated or lose their Internet privileges. It would also require ISPs to ensure their users conform to the rules. Good luck with that, Australia.)
BT Counterpane CTO Bruce Schneier also points out that the kill-switch concept in general can create more security problems than it purports to solve.
An Internet kill switch also carries plenty of unforeseen consequences, and not just in the US. The Internet is a global network that most businesses and utilities depend on to function, many of them in mission-critical ways – shutting down parts of the Internet in the US would have global ramifications.
Which may be why Senator Lieberman’s chief defense of the PCNAA besides the usual national-security concerns is that the law is necessary to protect Internet service providers from lawsuits. So, for example, if the President orders AT&T to shut down its entire data network to ward off a cyberattack, AT&T’s corporate customers – or anyone else affected – can’t sue the telco for damages due to the business losses they might suffer during the shutdown.
Also, says Lieberman somewhat disingenuously, China shuts down its Internet all the time, so why can’t we?
No wonder the conspiracy wingnuts are worried.
None of this is to say that hacker attacks on “critical infrastructure” (whatever that means) aren’t a potential threat, whether they’re carried out by terrorists, rogue states or organized crime syndicates.
But the actual nature of the threat has been blown way out of proportion. And as long as that’s the case, politicians will continue to propose overblown and useless solutions.