Could President Obama, in the event of a massive cyber attack against government computers, be given the power to bring Internet traffic to a stop?

That's the big question being asked in cyber security circles today. The answer is no, at least not based on the Cybersecurity Act of 2009 that Sen. Jay Rockefeller first (D–W.V.) proposed in April nor on an excerpt of the revised bill that's been floating around the Web since late last week.

The confusion arises from some of the language in the bill's original version, which proposes to give the president authority to declare a cyber security emergency and "order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network." By critical infrastructure, we're talking about the computers that run utilities, banks, hospitals and government agencies—the institutions that society relies on to function normally. The first draft of the bill also seeks to give the president the ability to "order the disconnection of any Federal Government or United States critical infrastructure information systems or networks in the interest of national security."

An excerpt of the revised bill, obtained by CNET, would still give the president authority to declare a cyber security emergency, but it makes no mention of tinkering with Internet traffic or disconnecting government computers from networks they might share with critical infrastructure systems.

It's important to note that the proposed legislation (both the original and the revised copies) would give the U.S. federal government the ability to protect its computers from attack by closing off areas of vulnerability—which could include connections to the Internet or any other network—something it presumably already does when under attack.

In reality, the government controls very little of the country's critical infrastructure, more than 85 percent of which is in the hands of private industry. Much effort has gone into getting private companies to voluntarily share information with the government—in particular, the U.S. Department of Homeland Security—but these plans are still being worked out.

Whether the U.S. government even could control the Internet is another issue. As notes in a blog today, "There is no on-off switch for the Internet." Given that it is a network of networks without any true central control point, "any attempt to redesign that architecture to give the president that on-off switch, though theoretically possible, would be costly and realistically impractical," says.

Image © Sean Locke