As for A, it became the government's job when provider apathy with regard to infected clients and hosts with botnet controllers etc permitted a situation to arise where the means of a (supposed) attack for a foreign power is actually based within the US. At that point it stopped being a private security issue and became a national security issue.
I don't like it, but the problem it addresses does exist.
How would you separate policy from mechanism in this case?
Things that are critical to national security should be able to defend themselves from botnets (most likely by firewalling themselves from the public Internet). I think these threats are vastly overstated, mostly by people trying to get more power in to the hands of the government.
As for shutting down hosts involved in a bot net, a court order can do that in an emergency already. Sure, it adds a delay, but it also adds oversight and separates policy from mechanism. The executive branch controls the policy, while the courts control the mechanism.
As for A, it became the government's job when provider apathy with regard to infected clients and hosts with botnet controllers etc permitted a situation to arise where the means of a (supposed) attack for a foreign power is actually based within the US. At that point it stopped being a private security issue and became a national security issue.
I don't like it, but the problem it addresses does exist.
How would you separate policy from mechanism in this case?