Building Cyber Walls: Executive Emergency Powers in Cyberspace

Building Cyber Walls: Executive Emergency

Powers in Cyberspace

Laura B. West*

INTRODUCTION

The Executive is granted broad authorities upon declaring a national emer-

gency. As of this writing, there are thirty-five active declared national emergen-

cies in the United States, the oldest of which dates back to the Iran Hostage Crisis

in 1979.

1

Not surprisingly many of these continuing states of emergency—that

last on average nearly ten years—address some facet of the war against terror.

2

These emergencies appear to illustrate that the American public acquiesced to

broad grants of authority to the Executive; Americans seemingly yielded to the

idea of a forever emergency, especially when it comes to terrorism. Recent

declared emergencies, however, should heighten concerns about the appropriate-

ness of such acquiescence for a forever emergency and invoke doubts about the

permissible scope of the Executive’s authorities.

The southern border wall emergency is a prime example. Declared by

President Trump in February 2019, the border wall emergency quickly put the

emergency powers under a microscope and subject to harsh public criticism.

3

Yet

lurking under the radar of the border wall media frenzy is a nascent “endless

emergency”

4

that arguably requires even more urgent attention—the cyberspace

emergency.

* Major Laura West is a Judge Advocate in the U.S. Army and currently serves as the Deputy Chief

of National Security Law at U.S. Cyber Command. Major West earned an LL.M., with distinction, from

Georgetown University Law Center in National Security Law, an LL.M. from The Judge Advocate

General’s Legal Center and School in Military Law, a J.D. from William and Mary Law School, and a

B.S. from the United States Military Academy. The views expressed in this article are those of the

author and do not necessarily represent the views of the Department of Defense or any other government

agency. I would like to thank Professors Mitt Regan, Mary DeRosa, and Carrie Cordero their thoughts

that helped shape this article. I also wish to thank my husband, Brandon, for all of his expert advice and

unwavering support. All errors are my own. © 2021, Laura B. West.

1. See BRENNAN CTR. FOR JUST., A GUIDE TO EMERGENCY POWERS AND THEIR USE (2019). President

Trump declared an additional national emergency concerning the novel coronavirus on March 13, 2020,

issued as this article went into editing. See Proclamation No. 9994, 85 Fed. Reg. 15,337 (Mar. 18, 2020).

2. See id.

3. See, e.g., Peter Baker, Trump Declares a National Emergency, and Provokes a Constitutional

Clash, N.Y. TIMES (Feb. 15, 2019), https://perma.cc/7S5D-3KST. Democratic leaders, Speaker Pelosi

and Senator Schumer, described the emergency declaration as “plainly a power grab by a disappointed

president, who has gone outside the bounds of the law to try to get what he failed to achieve in the

constitutional legislative process.” Id. The emergency declaration enables the President to divert $3.6

billion from military construction projects to the wall, if it withstands judicial scrutiny. Id. Congress had

explicitly denied the construction of a wall and voted to the end the emergency, but the President vetoed

the resolution, thus keeping the emergency in place. See BRENNAN CTR. FOR JUST., supra note 1.

4. See Jordan A. Brunner, Comment, The (Cyber) New Normal: Dissecting President Obama’s

Cyber National Emergency, 57 JURIMETRICS J. 397, 397-98 (2017).

591

In 2015, the first cyberspace emergency was declared by President Obama in

response to the unique and then unprecedented 2014 Sony Pictures cyber hack by

North Korea.

5

President Obama declared this national emergency to deal with the

“unusual and extraordinary threat” of “malicious cyber-enabled activities.”

6

The

President continuously renewed this emergency since its inception.

7

In 2019,

President Trump added another cyberspace emergency to the growing list of

active emergencies. Pursuant to the Executive’s emergency powers, President

Trump declared certain telecommunications equipment, classified as a national

security risk, to be banned from use by American companies.

8

The advent of the cyberspace emergency requires careful and urgent attention

for a number of reasons, the most pressing presented here. First, these emergen-

cies come in the wake of an alarming rise in internet shutdowns around the

world.

9

Internet shutdowns, touted by states as emergency methods for repelling

massive cyber-attacks, are also documented as primary tools used by totalitarian

regimes to stifle speech and dissent.

10

Second, running parallel to this growing

internet shutdown movement, is the undeniable fact that the internet and telecom-

munications infrastructure are now an indispensable part of the nation’s intercon-

nected modern life, and is being threatened daily by ever-changing and growing

malicious cyber-attacks. Finally, over the last year, a worldwide pandemic broke

out and continues to take an unimaginable toll on Americans’ daily existence and

5. The Sony Pictures hack was exceptional at the time; it was the first highly publicized attack that

occurred in U.S. territory, covered in mainstream American media, and elicited a timely public

government response. See CATHERINE A. THEOHARY, CONG. RESEARCH SERV., RL45142, INFORMATION

WARFARE: ISSUES FOR CONGRESS, 7 (2018), https://perma.cc/WH9K-58YT (noting the unique nature of

the Sony attack, to include “threats of physical destruction, affect[ing] the decision-making process of a

private company, exploited the human element of fear in a civilian population, imposed extra-territorial

censorship, and triggered a response from the U.S. government”); see generally Ellen Nakashima, Why

the Sony hack drew an unprecedented U.S. response against North Korea, WASH. POST, (Jan.POST (Jan.

15, 2015), https://perma.cc/LML2-WZZC.

6. See Exec. Order No. 13,694, 80 Fed. Reg. 18,077 (Apr. 1, 2015). Since the Sony hack, the U.S.

imposed additional sanctions under cyberspace emergency authorities in 2016 and 2018 on Russia in

response to cyber election interference. See Exec. Order No. 13,757, 82 Fed. Reg. 1 (Dec. 28, 2016);

Exec. Order No. 13,849, 83 Fed. Reg. 48,195 (Sept. 20, 2018). In 2017, legislation was also

implemented imposing further sanctions on Russia, Iran and North Korea due to cyber-related attacks.

See Countering America’s Adversaries Through Sanctions Act, Pub. L. No. 115-44 (2017).

To note, this article uses the terms “cyber hack,” “malicious cyber-enabled activities,” and “cyber-

attack” to mean in a general sense any type of malicious cyber operation. The term cyber-attack is used in

this article as a colloquial term to better understand the scale and consequences of such an operation;

however, it is not necessarily meant to be interpreted narrowly in the terms of an attack qualifying under

the law of armed conflict. Such an analysis exceeds the scope of this article that is geared toward a

domestic analysis. Specifically, this article is more focused on examining a “cyber-attack” as an operation

that could encompass a wide range of incidents effecting cyberspace within the United States—it makes

no reference to the intent or origins of the operations or attacks.

7. Continuation of the National Emergency With Respect to Significant Malicious Cyber-Enabled

Activities, 84 Fed. Reg. 11,877 (Mar. 28, 2019).

8. See Exec. Order No. 13,873, 84 Fed. Reg. 37,055 (May 15, 2019).

9. See discussion infra Section II.A.

10. See Samuel Woodhams, Contesting the Legality of Internet Shutdowns, JUST SECURITY (Oct. 1,

2019), https://perma.cc/5ERS-DBM4.

592 JOURNAL OF NATIONAL SECURITY LAW & POLICY [Vol. 11:591

human life. The nation’s response to controlling the virus exposed critical vulner-

abilities in national authorities and, unfortunately, demonstrates all too clearly

how high the stakes are in refining national emergency authorities.

This state of affairs today raises the broad question of whether the United

States government has appropriately tailored authorities and corresponding tools

necessary to effectively defend against, recover, and maintain resilient networks

during and after a massive cyber-attack. As mentioned above, the United States

most notably responded to that question with a declared cyberspace emergency,

unlocking significant broad authorities at the President’s disposal to assist in the

deterrence of such attacks.

But what is the true scope of a cyber national emergency authority? Imposing

sanctions as President Obama did in 2015 with the first cyberspace emergency is

likely only the tip of the iceberg for the scope of the Executive’s emergency

powers. More concerning and the focus of this article, though, is that similar to

those totalitarian regimes, cyber national emergency powers may have a vast

scope that goes so far as to permit the President to direct an internet shutdown,

otherwise known as directing the proverbial “kill switch.”

Most scholars who have tackled the internet “kill switch” subject come to a rather

hasty conclusion that the President has the authority to shut down the internet under

his emergency powers by invoking section 706 of the Communications Act of 1934

(codified as 47 U.S.C. § 606).

11

Over the years, this supposition has been debated on

the fringes. This article adds to that debate, brings it front and center, and argues that

the current legal authorities are wholly inadequate to address the possible need to

quarantine, isolate, or shutdown computers or portions of the internet or networks

within the United States in a time of emergency caused by a massive cyber-attack.

Even if current domestic authorities can withstand the policy and legal scrutiny, the

uncertainty and potency surrounding such authorities is enough to warrant new

legislation that can provide “clear guidance and an enhanced ability to rapidly

execute national level decisions for response options to sophisticated attack.”

12

Accordingly, the time is now to rethink executive cyberspace emergency powers

before there is a true need to build cyber walls.

Part II of this article illustrates the current cyber threat picture facing the United

States. Part III then discusses the main target of these threats in cyberspace: the

11. See William Toronto, Fake News and Kill Switches: The U.S. Government’s Fight to Respond to and

Prevent Fake News, 79 A.F. L. REV. 167, 180 (2018); Jessica “Zhanna” Malekos Smith, Where the Cyber

Things Are, 5 HOMELAND & NAT’L SECURITY L. REV. 1, 15-18 (2016); Scott Ruggiero, Comment, Killing

the Internet to Keep America Alive: The Myths and Realities of the Internet Kill Switch 15 SMU SCI. &

TECH. L. REV. 241, 241-42 (2012); Karson K. Thompson, Not Like an Egyptian: Cybersecurity and the

Internet Kill Switch Debate, 9 TEX. L. REV. 465, 477 (2011); Gene Healy, Emergency Exit Strategy, CATO

INST. (June 24, 2019), https://perma.cc/DGT6-DSEP; Elizabeth Goitein, The Alarming Scope of the

President’s Emergency Powers, THE ATLANTIC (Jan./Feb. 2019), https://perma.cc/YD8E-WY2G. But see

David W. Opderbeck, Does the Communications Act of 1934 Contain a Hidden Internet Kill Switch?, 65

FED. COMM. L.J. 1, 17 (2013); cf. Paul Rosenzweig, The Powers of Trump and the Internet “Kill Switch”,

LAWFARE BLOG (June 2, 2016), https://perma.cc/53PM-M5PT.

12. National Security Telecommunications Advisory Committee, NSTAC Response to the Sixty-Day

Cyber Study Group Mar.(Mar. 12, 2009) [hereinafter NSTAC], https://perma.cc/99EP-KHZE.

2021] BUILDING CYBER WALLS 593