Lieberman and his staff on the Senate Committee on Homeland and Security and Government Affairs say that the bill limits the powers that the president already has as a result of the 1934 Communications Act, which was amended in the 1996 bill. The president already has the power to “shut off any and all regulated telecommunications if he deems it necessary for national security.” Leslie Phillips, the communications director for the committee,”said “The very purpose of this legislation is to replace the sledgehammer of the 1934 Communications Act with a scalpel.”
“Lieberman’s Protecting Cyberspace as a National Asset Act of 2010 …requires that owners of critical infrastructure, a definition that dates to the PATRIOT Act, work with the newly created director of the National Center for Cybersecurity and Communications within the Department of Homeland Security, to develop a risk assessment and a plan to mitigate their risks in the case of a national cyber emergency.”None of those response plans expressly require that telecommunications providers develop a kill switch; in fact, the director is prohibited from requiring an critical infrastructure owner or operators from using any specific mechanism.
The owners and operators of covered critical infrastructure shall have flexibility to implement any security measure, or combination thereof, to satisfy the security performance requirements described in subparagraph (A) and the Director may not disapprove under this section any proposed security measures, or combination thereof, based on the presence or absence of any particular security measure if the proposed security measures, or combination thereof, satisfy the security performance requirements established by the Director under this section.
Phillips reiterated this point with TPMDC: “There is not a ‘kill switch.'” When asked what measures might be envisioned by the legislation, she said, “A software patch, or a way to deny traffic from a certain country. All these measures were be developed with the private sector, not imposed on it.”
In addition to the measures that allow companies to come up with their own ways to mitigate the risks to their companies (and customers) from cyber attacks, and the requirement that they use the least disruptive means possible and attempt to mitigate larger impacts, the legislation also only allows the President to impose the state of emergency for 30 days, with a potential extension of 30 days. Under current law, he is allowed to shut down any and all telecommunications infrastructure for as long as he likes.”