The CyberSecurity Act, designed to protect US network infrastructure against cyber attacks, was introduced almost a year ago. The original wording enabled the President to shut down the internet at his discretion.
The new wording of the bill has removed unilateral power for the President to disconnect networks from the internet, which would essentially have let him pull the plug during a cyber attack.
Under the latest version of the bill, the President must work with organizations that own critical network infrastructure to come up with joint emergency response plans. The President must also decide with them which IT systems are most critical to national security.
The legislation, part of a two-bill package originally delivered to the Senate, has been gradually reworked. Last September, the latest versions of the draft authorized the President to "direct the national response" to a cyber threat.
"The cyber security threat is real, but such a drastic federal intervention in private communications technology and networks harm both security and privacy," said Leslie Harris, president of the Centre for Democracy and Technology, when the bill was first introduced.
This wouldn't have been the first time that critical powers had been concentrated in the presidency. For example, the Global Strike initiative, created under the Bush administration, gave the president power to command a military strike against any target in the world within hours, without the approval of Congress.
The bill as first introduced was supported by the Coalition against Domain Name Abuse, largely for its strategy of implementing a secure domain name addressing system.