Wyden To White House: Protecting Nuclear Power Plants Is Different Than Protecting Facebook

from the critical-infrastructure dept

In the case of interactive computer services, such as networks that facilitate commerce, provide search services, or are platforms for social networking and speech, vulnerabilities are unlikely to constitute threats to our national security. It should be clear in any executive order related to cybersecurity that there is a fundamental difference between networks that manage infrastructure critical to public safety, like energy, water, and transportation systems, and those that provide digital goods and services to the public. It would be a profound mistake to subject our growing digital economy to onerous new cyber rules and regulations that stifle innovation, creativity, and job growth. Such rules will not serve to combat the real threat to the nation's critical infrastructure and national security.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Last week, we wrote about a leaked copy of an executive order being worked on by the White House to deal with the lack of "cybersecurity" legislation being passed. We've since learned that this is one ofdifferent executive orders being worked on concerning this issue. We are working on getting the other, more focused, draft as well. That said, we noted numerous problems in the draft we did see, including the broad definition of "critical infrastructure," which basically leaves it pretty open for the feds to declare almost anything "critical infrastructure," thereby putting tremendous pressure on private companies to comply with a set of rules that may not make much sense.This is, quite reasonably, raising some concerns. Senator Ron Wyden has sent a letter to the White House's Cybersecurity Czar Coordinator , J. Michael Daniel, to point out that there's a pretty big difference between things like nuclear power plants and social networks online -- and any executive order that fails to take that into account seems problematic. The full letter is embedded below, but a snippet:Indeed. While we tend to agree that various internet services are important to our economy, to argue that social networks are somehow the equivalent of energy systems, water treatment plants or the like seems obviously ridiculous. All it ends up doing is leaving a massive opening for the feds to seek much greater access and control over the internet services we use every day than they really need.There are reasonable fears that some in the government are really using scare stories about planes falling from the sky due to cyberattacks to really open up access to private communications systems on the internet for surveillance purposes. Given what we've seen with other spying efforts, such worries seem quite justified. This is not unlike supporters of SOPA using the very narrowly focused issue of fake drugs as an excuse to pass expansive copyright laws dealing with file sharing online. In this case, it seems like those who really just want access to online communications may be using claims of "threats" to "critical infrastructure" to backdoor their way in. And the trick is just to define "critical infrastructure" really broadly. Hopefully people recognize that the definitions here really do matter, and that any executive order is very narrowly focused towards actual critical infrastructure.

Filed Under: critical infrastructure, cybersecurity, ron wyden