Bill Could Give Homeland Security Power Over Tech Giants

By Jeremy A. Kaplan

Published November 23, 2010

Some members of Congress, concerned about shoddy cybersecurity at government and critical technology websites, are proposing that the Department of Homeland Security should have the power to force private networks to secure themselves more effectively.

But several cybersecurity experts say a broadly worded bill that has been referred to the House Committee on Homeland Security could impact many ordinary tech firms that merely play a role in infrastructure. If the bill becomes law, even firms like Apple, Microsoft and Google could come under DHS's thumb, says Michael Gregg, chief operating officer of the cybersecurity firm Superior Solutions.

"They are stepping forward to regulate a potentially huge amount of the Internet," Gregg told "It's up to DHS to decide who they want to fall under this umbrella. I have little doubt that large tech companies such as AT&T, Verizon, Microsoft, Google, Apple and Cisco could all find themselves being heavily regulated."

Representatives from those firms declined to comment on the pending regulations. But given DHS' record on security, Gregg said they should have reservations about granting the agency such sweeping oversight.

"Just consider the recent DHS / TSA body-scanner fiasco," he said. "The thought of DHS in charge of cybersecurity will strike fear in most U.S. tech companies."

The Homeland Security Cyber and Physical Infrastructure Protection Act of 2010 (HR 6423, proposed by Rep. Bennie G. Thompson, D-Miss.) would empower DHS to set security standards for the networks at various private facilities and would authorize penalties against any websites it deems to have lax security.

The bill would create a new department within Homeland Security, called the Office of Cybersecurity and Communications, and a new Cybersecurity Compliance Division that would measure and rate how effectively certain private companies respond to network security risks.

The bill's goal is to muscle better security onto .gov websites and critical infrastructure sites, including ports and power plants, to limit the country's vulnerability to cyber espionage, said Thompson.

"Cyber attacks, whether originated by other countries or sub-national groups, are a grave and growing threat to our government and the private sector. This bill provides new tools to DHS to confront them effectively and make certain that civil liberties are protected,â€