The problem sits allowing other countries access to key data, where there is little security is used on the other end.
That's the biggest problem right there, where the emphasis of the bill and of too many people are on the end-to-end and server access security, but in large part, it is even more fundamental than that. It's in the basic peering infrastructure that determines routes for data packets, and thus what can constitute a "critical system". There are plenty of scenarios where any and all international traffic that touches North America can be considered as a "critical system", and thus the entire Internet domestically, every connection, would be at risk for being designated a "critical system".
Everything is based on what is called the Border Gateway Protocol (BGP), which is based on trust. It advertises correct routes, the best routes, and which routes are bad. All the "root servers" takes this information, propagate it, and then acts accordingly. An Internet OFF switch in the White House will not stop this kind of attack because, for all intents and purposes, the Internet will have already been shut down.
For example, about a year ago the government of Pakistan decreed that all traffic to Youtube must be blocked in Pakistan because Youtube contains evil blasphemous content. A Pakistani ISP, PieNet, then started redirecting and filtering routes to and from Youtube, in effect (and unintentionally) annoucing to other servers the best routes to Youtube. (It's a larger scale version of redirecting SPAM sites to 120.0.0.1 in your HOSTS file, or example.) Misinformation, which works on the local level, but has serious ramifications elsewhere. They rerouted all of Youtube's IPS's to a site they felt was more appropriate. Other root servers pick up on this and likewise redirect their routes, worldwide, because the root servers have been told the best route to Youtube is through Pakistan.
The initial impact was that Youtube disappeared from the Net for about an hour, followed quickly by Pakistan's Internet access crawling to a speedy halt as they were now handling
all traffic for one of the busiest sites in the world. Traffic that is good for one popular site must therefor be good for others, and soon millions of other unrelated sites had their routes be redirected through Pakistan.
PCCW, the telecom that carries most of Pakistan's traffic, was finally forced to shut off Pakistan from the net for several hours while it filtered out the malicious routes. In the meantime, nearly all traffic worldwide for Youtube, as well as a rapidly growing number of non-Youtube sites, was trying to be forced through Pakistan, and Pakistan was simply dropping the packets. The Internet was literally on a Superhighway to nowhere.
The Internet was within hours of collapsing under its own weight, and would have been down for at least 24 hours before everything was back up and running normally. (IIRC, there was also problems with some people accessing EO at that time for a bit, as well as many other sites around the world. The net was just acting "weird" for a lot of people.)
And that was due to an accident. And it was on just one BGP server with an AS number (autonomous system number that identifies the routes to other EIGRP routers). Imagine a coordinated attack on a few dozen AS servers. None would have to be within the United States for it to happen. An Internet kill switch in the White House would have no effect, as it would be designed with security in mind, to thwart an attack on a critical system, like a hack into the banking system or something.
This "vulnerability" has been known since the inception of the third Usenet server, and it was put there on purpose. It's how the Internet works to self-regulate the flow of traffic. When servers and routers become overloaded and malfunction or fail due to hardware issues, the routing of traffic to to better routes is automatic. But it's all based on trust of the BGP. Unless or until the fundamental infrastructure of the Internet is rewritten from scratch, nothing will change, and no amount of Band-Aid legislation will fix it.
Here's a good illustration of just a single EIGRP server
(the BCIX route server) and how propagation occurs. The illustration shows just the tiniest piece of the net, a microscopic snapshot of the Web, a single route server. Keep in mind that there are thousands of these servers, all of them interconnected, all answering to each other at the speed of light (or really close to it), and each one of these servers deal with thousands of ISP routers and end user networks, literally billions of IP addresses worth of traffic, all needing to be routed, all accepting marching orders from the EIGRP servers using the Gateway Border Protocol.
