December 12, 2010

As Cyberattacks Over Wikileaks Grows, Gillibrand, Clarke Call On U.S. To Launch Global Effort To Crack Down On Cyber Criminals

Gillibrand Proposal Strengthens U.S. Cyber Security, Holds Foreign Countries Accountable

New York, NY – After a week in which WikiLeaks supporters launched cyber attacks targeting American companies MasterCard, Visa, and PayPal, Senator Gillibrand, a member of the Senate Foreign Relations Committee, and Representative Yvette D. Clarke, Chairwoman of the House Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology, called on President Obama to launch a global effort to crackdown on cyber criminals. Standing at Symantec's New York City office, lawmakers urged the President to adopt proposals to protect New York businesses and infrastructure by putting foreign countries who fail to enforce cyber security laws on notice and sanctioning those who do not cooperate.

During the past week, MasterCard, Visa, PayPal and other American companies that have cut ties to WikiLeaks, were sabotaged by a string of coordinated cyber attacks. The global cyber assault intended to flood the companies' websites with traffic, block all access and make them unavailable to customers around the world.

In addition to these attacks, State Department documents disclosed by WikiLeaks earlier this month demonstrate that government-sponsored cyberwarfare is a real and serious threat. Previously classified cables released by WikiLeaks confirmed suspicions that China’s persistent attacks on Google and other American businesses were supported by the Chinese government. 

“The cyberattacks we’ve seen in the last week show that America and the world is vulnerable to a full scale cyber war,” Senator Gillibrand said. “America must be able to defend against these types of attacks and shut down cyber threats around the world. This must be a top priority for our national security and our economy. We must go after cyber criminals wherever they are – and it must be an international effort. Our plan would require the President to identify threats abroad, hold countries accountable to ensure they crack down on their own cyber criminals, and cut off U.S. aid and resources for countries that refuse to take responsibility. By getting tough on cybercrime globally and working with the international community, New York City businesses and families will be safer.”

“Unfortunately, we have seen just how destructive cyber attacks can be to our businesses and cyber space,” said Representative Clarke. “Hackers can, as of now, easily get into and shut down the  cyber infrastructures that major corporations and organizations depend on. As chairwoman of the House Homeland Security subcommittee on Emerging Threats, Cybersecurity and Science and Technology, I believe that we must put aggressive measures in place to protect our cyber infrastructure from attack. We must bolster our cyber space by putting the proper tools in place to protect it from cyber criminals both in the public and private sector.  Our national security depends on it.”

In a letter to President Barack Obama, Senator Gillibrand expressed disappointment that more has not been done to improve U.S. foreign policy mechanisms that would address cybercrime and cybersecurity. The Senator also urged the Obama Administration to enhance the State Department’s foreign policy mechanisms to address cybercrime and cybersecurity by formalizing an approach that designates key resources to meet the challenges we face. 

Senator Gillibrand has teamed up with Senator Orrin Hatch (R-Utah) to author the International Cybercrime Reporting and Cooperation Act, a bipartisan bill to hold foreign countries accountable for cybercrime committed in their country. Sen. Gillibrand’s legislation has broad private sector support, from Microsoft, eBay, Paypal, HP, Cisco, Symantec, McAfee, Visa, Citi, AmEx, MasterCard, Business Software Alliance, BITS and Financial Services Roundtable.

“Identity theft, the leaking of classified or sensitive information, and cyber attacks overall will not abate anytime soon,” said Symantec Chief Technology Officer Mark Bregman. “Cybercrime activities pose a significant threat to national security, and events in recent weeks should stand as strong evidence that the time for cyber security legislation is ripe.  We encourage Congress to follow the continued leadership that Sen. Gillibrand has exhibited on moving to reduce cyber crime issues and pass meaningful cyber security legislation such as the International Cybercrime Reporting and Cooperation Act.  This much-needed legislation will help foster a more effective global response to cyber attacks by encouraging the development of global cybersecurity best practice guidelines.  We look forward to working with Senator Gillibrand in the 112th Congress in support of her continued efforts to address malicious cyber crime activity and to continue making the Internet safer.”

The United States remains the highest target of cyber crimes, accounting for 23% of cyber assaults worldwide. Estimates show that New York City businesses lose more than $1.9 billion from malicious cyber activity each year. Cyber attacks such as the ones perpetrated in China, resulted in the loss of $67.2 billion nationwide in 2005, according to Government Accountability Office (GAO) estimates. According to studies by McAfee Inc, the global economy lost over $1 trillion in 2008 due to these activities. 

Global criminal networks continue to grow in volume and sophistication in an attempt to steal, exploit, or destroy information. United States Secret Service estimates that as much as 70% of cybercrime originates from outside the United States. According to Symantec, there have been more viruses and other cyber intrusions in the past 15 months than in the past 18 years combined. Yet key countries, including China and Russia, have not signed onto international cyber crime agreements and have not taken adequate measures to reign in cyber criminals.

 

Further, in the second half of 2009, Microsoft was forced to clean 15.4 million computers nationwide due to malicious attacks. In the first quarter of this year alone, 11 million computers were infected.

A Symantec survey conducted in August 2010 revealed that more than half of companies in critical infrastructure areas, including banking and finance, information technology, and health care, suspected of being victims of cyber attacks and reported being attacked 10 times over the past five years.

In an effort to boost America’s cyber security, improve U.S. coordination with allies, and establish tough, new ways to crack down on cyber threats internationally, Senator Gillibrand introduced the International Cybercrime Reporting and Cooperation Act earlier this year. Representative Clarke is the lead sponsor of similar legislation in the House, with Representatives Timothy Bishop (D-NY), Peter King (R-NY), and Anthony Weiner (D-NY) as co-sponsors of the bill.

Issue Annual Presidential Report

The bill would require the President to annually report to Congress on the assessment of countries’ use of information and communications technologies (ICT) in critical infrastructure, the extent of cybercrime in each country, the effectiveness of each country’s legal and law enforcement systems to combat cybercrime, and countries’ online protection of consumers and commerce.

Deliver Foreign Assistance to Prevent Cybercrime Havens

To prevent countries from becoming future cybercrime havens, the bill would give countries with low ICT penetration priority when it comes to U.S. or multilateral assistance programs designed to combat cybercrime and improve critical sectors.

Identify Countries of Cyber Concern

Under the bill, the President would identify countries of cyber concern –countries which show patterns of cybercrime against the U.S. government, private entities or individuals and lack measures to sufficiently address cybercrime through laws, investigations or international cooperation – and work with each country of cyber concern, establishing an action plan with benchmarks to improve the government’s efforts against cybercrime. The President would provide an annual assessment of the country’s progress.

The President could waive the requirement to develop an action plan for any country if it is in the national interest, and report such waiver to Congress, in classified form if necessary.

Penalize Countries that Fail to Meet Benchmarks

Countries of cyber concern that do not reach their benchmarks may have one of the following benefits suspended, restricted or prohibited: new OPIC or ExIm financing, new multilateral financing, new TDA assistance, preferential trade programs, or new foreign assistance, as long as such do not limit projects to combat cybercrime.

Focus on Department of State International Cybercrime Policy

In order to improve the U.S. focus on addressing international cybercrime, the bill would require the Secretary of State to designate a senior official at the State Department to coordinate and focus on activities, policies and opportunities to combat cybercrime internationally, and in consultation with other Federal agencies and the relevant chiefs of mission, appoint employees at key embassies to focus on cybercrime policy.

 

Full letter to the President is below.

Dear President Obama,

            The recent disclosures of diplomatic cables regarding the Chinese cybersecurity threat has prompted me to write to urge you to increase United States’ focus on addressing key international cyber challenges, including combating cybercrime, enhancing the security posture of U.S. cyber networks from international intrusions and guiding the international discourse.  You clearly recognize the importance of the cyber domain, having conducted a government-wide review of cybersecurity and appointed a Cyber-Security Coordinator at the White House.  But it is disappointing that more has not been done to improve U.S. foreign policy mechanisms that would address cybercrime and cybersecurity.

            The recent disclosure of  State Department cables have revealed more fully than before U.S. diplomats’ belief that cyber attacks on Google, and perhaps other U.S. interests, were part of a concerted Chinese government strategy.  Given these assessments by our own experts, I expect a plan to prioritize international cyber policy.  While U.S. officials have been producing some positive results in this area in the past year, I believe far greater focus and prioritization is needed to match the level of focus of other countries, engage internationally, and ensure that United States’ economic well being and national security are preserved. 

            As you know, I have a bi-partisan bill with broad private sector endorsement that seeks to bolster U.S. foreign policy mechanisms used to address cybercrime.  I have discussed the bill extensively with your administration, and had hoped to find common ground for instituting these or other policy mechanisms.  I am disappointed that progress on this legislation has not been made. I am doubly concerned that we still do not have a high level individual at the State Department to focus on international cybersecurity, as my legislation suggests.

            I urge you to enhance the State Department’s foreign policy mechanisms to address cybercrime and cybersecurity by formalizing an approach that designates key resources to meet the challenges we face.