Amid the hubbub surrounding distributed denial of service attacks on banks and other companies, some U.S. senators are taking steps to thwart another type of cyber threat: state-sponsored digital thieves bent on stealing business secrets from the U.S.
Under the terms of the proposed law, the Deter Cyber Theft Act, the Director of National Intelligence would be required to compile an annual list of countries that engage in economic or industrial cyber espionage against U.S. firms. The legislation was introduced Tuesday by a bipartisan group of senators.
The director also would have to share information about what technologies or proprietary information have been swiped, the items produced that use the information, and a list of foreign companies that benefitted from the theft.
The bill would authorize the President to block imports that contain technology allegedly stolen from U.S. firms, products made by state-owned firms of countries on the intelligence agencies watch list, and items made by a company the intelligence agencies say has benefitted from such theft.
We need to call out those who are responsible for cyber theft and empower the president to hit the thieves where it hurts most in their wallets, by blocking imports of products from companies that benefit from this theft, Armed Services Committee Chairman Carl Levin, who introduced the bill, said in a statement.
Some foreign governments, businesses and state-owned enterprises are today using cyber espionage to steal American intellectual property and rob U.S. ingenuity and innovation in order to gain competitive advantage, added Senator John McCain, R-Ariz., a cosponsor of the measure.
The legislation comes as companies face threats from state-sponsored hackers who previously reserved their firepower for government targets, according to experts.
Advanced threat actors have shifted the application of their sophisticated tools, tactics and procedures from U.S. government targets to corporate America, Kevin Mandia, the chief executive of digital security firm Mandiant, told a Senate Judiciary subcommittee in testimony Wednesday. Many American companies, even if they are compliant with cyber-security regulations and best practices, are not prepared for these advanced threats.
In February, Mandiant reported that hackers backed by the Chinese military have swiped business plans, technology blueprints, manufacturing processes, network user credentials and other secrets from hundreds of companies in the U.S. and other countries, including financial firms.
On Monday, the Defense Department charged the Chinese military with hacking into U.S. computer networks and stealing secrets that relate to national security.
China is using its computer network exploitation capability to support intelligence collection against the U.S. diplomatic, economic, and defense industrial base sectors that support U.S. national defense programs, the Pentagon wrote in an annual report to Congress on military and security developments involving the Peoples Republic of China.
China has rejected the charges as baseless. The Pentagon has made irresponsible comments about China's normal and justified defense build-up and hyped up the so-called China military threat," Reuters quoted foreign ministry spokeswoman Hua Chunying as saying.
The push in the Senate to deter electronic espionage represents a ramping up of legislative activity. Last month, the House of Representatives passed a
House Intelligence Committee Chairman Mike Rogers, R-Mich., has said he also backs legislation that would punish companies from China and elsewhere that use secrets stolen by cyber thieves.
