Security Watch

Are We Stepping Closer to an Internet Kill Switch?

• By Jabulani Leffall
• 02/22/2011

As Libya cuts off Internet access, much like Egypt before it, the conversation here in America is again centered on the so-called "Internet Kill Switch."

First amendment protection notwithstanding, the question becomes, could such a thing as an Internet shutdown happen on our soil during a widespread civil disturbance or to preempt a state-sponsored or pervasive cyberattack?

Independent Connecticut Senator, Joseph Lieberman, a sponsor of The Cybersecurity and Internet Freedom Act, said it is "impossible to shut down the Internet domestically" and that the new bill introduced late last week would deny the president or other U.S. officials "authority to shut down the Internet."

The 221-page legislative proposal would require organizations housing critical infrastructure (power plants, government agencies, large corporations) to fix IT security vulnerabilities, among other things.

Along those lines, the bill would also create a national center focused on preventing and responding to cyberattacks. Such a center would likely incorporate public and private stakeholders on the way to creating a more centralized security policy for government and enterprises.

Brave new world, indeed.

Microsoft Prescribes Public Health Model for Security
Speaking of a centralized security policy, Redmond thinks it's about time technology groups and government agencies worked together for a standardized framework that would be more like the Centers for Disease Control and Prevention than a typical IT security controls matrix.

At last week's RSA Conference in San Francisco, Scott Charney, corporate VP of Microsoft's Trustworthy Computing, outlined such a plan in his keynote entitled, "Collective Defense: Applying Public Health Models to the Internet." [.PDF document here.--Ed.]

Charney said that there are "currently no global approach to protecting people from the potential dangers of the Internet. And while individual companies typically have IT departments for security threats, Charney argued that "there is no equivalent for consumers worldwide, or even at the national level for most countries." (You can read the transcript of his speech here.)

He further conceded that there are some gaping holes on the Web that should be plugged as if they were outbreaks of infectious diseases.

"Despite our best efforts at education and protection, many consumer computers are host to malware and may be part of a 'botnet,' unbeknownst to their legitimate owners. Botnets are used to send spam or engage in illegal activities," he said, in his speech, adding that "a more serious threat from botnets is that they could be used to attack critical government infrastructure or threaten economic interests."