Politico: Protecting America in cyberspace
American businesses are under attack. Right now, countless hackers in China – many sponsored by the government – are actively trying to steal valuable intellectual property from U.S. Fortune 500 companies. Every day, China, Russia, Iran and others are blatantly stealing reams of information from U.S.-owned computers.
This unprecedented heist, at an estimated cost of $1 trillion per year worldwide, includes the theft of the crown jewels of our economy: intellectual property created by American ingenuity and housed on corporate computer networks across our nation.
This intellectual property is the product of massive capital investment in research and development. It’s vital to creating U.S. jobs and protecting our way of life. Today, this intellectual property is being stolen and used in the international marketplace against the very companies that developed it.
The sheer scale of this theft is both staggering and unprecedented. Governments and militaries have long conducted espionage against each other. These espionage activities over the years, however, largely focused on collecting government and military intelligence – not wide-scale theft of private-sector intellectual property.
These brazen attacks are not just limited to our high-tech industry or military contractors. They target broad swaths of U.S. industry. If the fruits of American research and development continue to flow to Chinese competitors, our companies will likely stop investing and innovating.
Imagine if U.S. pharmaceutical companies stopped working to make cheaper life-saving drugs because they got tired of handing their recipes over to foreign hackers.
The United States isn’t the only target here. The cyber thieves span the globe and threaten the economies of our allies in Asia and Europe alike. We can and should work with these countries, applying our combined diplomatic and economic leverage to pressure nations to put an end to this piracy.
We must all remember that, in today’s globalized world, economic security is national security. Nations that ignore private property rights must be held accountable.
We also face cyber threats from terrorist groups and criminal gangs, many of whom are beyond the reach of political and economic pressures that would work on nation-states. These groups may also target individual Americans or even try to attack our economy’s core institutions, like the stock market or banks. Moreover, some countries – like North Korea – have shown that even political and economic pressure won’t stop them.
Whether or not we ever convince countries like China to voluntarily stop their economic cyber espionage, we must do more here in the U.S. to improve our cyber security. This includes sharing cyber threat information with the private sector — so it can defend itself and its proprietary information.
Our intelligence community collects valuable information about advanced foreign cyber threats that could dramatically assist the private sector. But we’re not getting the full value of those intelligence insights.
The intelligence community needs to be able to share the classified and unclassified computer code for malicious viruses and worms so that the private sector can protect its networks and the networks of its corporate customers. Current law prohibits this from happening.
We must also modernize the law to give the private sector clear authority to identify threats and share this information within the private sector, as well as with the government on a purely voluntary, anonymous basis.
At the same time, we must ensure the privacy of all American citizens is protected, and that information voluntarily provided to the government is properly safeguarded. To do so, we must ensure that the Privacy and Civil Liberties Oversight Board is conducting strong oversight over the information that the government gets from the private sector. Sensitive threats or vulnerability information must not be disclosed without authorization.
Finally, we must ensure companies who do the right thing by looking for cyber threats and sharing information are protected from frivolous lawsuits.
These efforts will empower the private sector – which already does significant work to protect computer networks – to do even more. It will also help build a more robust cybersecurity marketplace, with expanded offerings and stronger protection for U.S. companies. It will create jobs in the information technology sector — all while protecting the jobs across America that depend on intellectual property.
We plan to introduce on Wednesday legislation to move us forward, working with other key members of both political parties. Our bill will be short and to the point. It is designed to allow the intelligence community to share malicious computer code with eligible Internet service providers and other companies, so they can prevent it from getting anywhere close to our intellectual property secrets. This will be done on a completely voluntary basis.
Our bill does not have additional federal spending or impose added regulations or unfunded mandates on the private sector. It will instead be a critical, bipartisan first step toward enabling the U.S. private sector to do what it does best: create, innovate and sell.
Rep. Mike Rogers (R-Mich.) is the chairman of the House Permanent Select Committee on Intelligence. Dutch Ruppersberger (D-Md.) is the ranking member on the committee.