DHS could seize networks under new cyber law

A revised draft version of a circulating cyber security bill could grant the Department of Homeland Security (DHS) wide-reaching powers if the legislation is ultimately approved.

Former staff director for the House Oversight and Government Reform Committee Bob Dix – who is now a VP at Juniper Networks – says he fears one specific section of the bill which could theoretically allow the DHS to take “any lawful action” against a contractor if its systems are under attack.

Meaning, the DHS would be granted permission take over the entire network of a civilian contractor – and not just sectors related to a particular government contract.

“There’s some concern about what would be the criteria about that and how it would be the government has the ability under a provision of lawful action to take over a system used by an agency even if it’s owned by a contractor,” Dix told FederalNewsRadio.

“I am worried about the notion that suggests the government would have the authority under law to be able to take over systems of contractors if they view them as having vulnerabilities even if only a small percentage of that is government utilization.”

However, not all analysts share Dix’s interpretation and concern over the the draft bill. For example, James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies (CSIS), says “you either can try and define prescriptively every single example and those tend to be unworkable, or you have to settle for phrases such as any lawful action.”

“That doesn’t bother me as much,” he continues. “Over time should that authority ever be exercised, they would figure out what that meant. But I think it’s the kind of language that actually points to not taking control of contractor systems. I’m still not sure that would be lawful.”