March 23, 2010

Cybercrime Costs NY Businesses Approximately $4.6 Billion Each Year – Gillibrand, Hatch Introduce First Of Its Kind Measure To Bolster Cybersecurity In America

Legislation Would Foster International Coordination, Require Crackdown on Cyber Criminals In Foreign Countries That Offer Them Havens

Washington, D.C. – As New York businesses lose approximately $4.6 billion as a result of cyberattacks and with a growing threat of cybercrime internationally, U.S. Senators Kirsten Gillibrand (D-NY) and Orrin Hatch (R-UT) today introduced the International Cybercrime Reporting and Cooperation Act – new bipartisan legislation that would enhance America’s cooperation with other countries to combat cybercrime and keep America safe.   

“Cybersecurity must be a top priority for our national security,” Senator Gillibrand said. “If we’re going to protect our networks, our infrastructure, our economy and our families, we have to go after cyber criminals wherever they may be – and it must be an international effort. Our new legislation will require the president to provide a global assessment, identify threats from abroad, work with other countries to crack down on their own cyber criminals, and urge the President to cut off U.S. assistance and resources for countries that refuse to take responsibility for cybersecurity. Our legislation will make America safer by getting tough on cybercrime globally, and coordinating with our partners in the international community.”

“Cybercrime is a serious threat to the security of the global economy, which is why we need to coordinate our fight worldwide. Until countries begin to take the necessary steps to fight criminals within their borders, cybercrime havens will continue to flourish,” said Senator Hatch. “We don’t have the luxury to sit back and do nothing.  I believe the International Cybercrime Reporting and Cooperation Act will not only function as a deterrent of cybercrime, but will prove to be an essential tool necessary to keep the Internet open for business.”

For more than a decade, reports have described the increasing vulnerability of the U.S. to cyber attacks. A growing array of international criminal organization are targeting U.S. citizens, commerce, and information infrastructure, including the Internet, telecommunications networks, financial systems, embedded processors and controllers in critical industries to steal, exploit, disrupt, or destroy information.

Earlier this year, hackers in China launched a large, sophisticated attack on Google and other American businesses. A conservative estimate from the Government Accountability Office (GAO) estimates that in 2005 U.S. businesses lost $67.2 billion as a result of cyberattacks. Since then, attacks have dramatically increased. The global economy overall lost over $1 trillion in 2008 as a result of cyber attacks, according to studies by McAfee, Inc. 

Based on these conservative estimates, New York businesses lose more than $4.6 billion each year as a result of cyberattacks.

READ Sentor Gillibrand's full report on how much New York businesses lose each year as a result of cybercrime.

  • In New York City, businesses lose more than $1.9 billion each year as a result of cyberattacks.
  • In Western New York, businesses lose more than $300 million each year as a result of cyberattacks.
  • In the Rochester/Finger Lakes Region, businesses lose more than $250 million each year as a result of cyberattacks.
  • In Central New York, businesses lose more than $230 million each year as a result of cyberattacks.
  • In the Southern Tier, businesses lose more than $100 million each year as a result of cyberattacks.
  • In the Capital Region, businesses lose more than $245 million each year as a result of cyberattacks.
  • In the North Country, businesses lose more than $105 million each year as a result of cyberattacks.
  • In the Hudson Valley, businesses lose more than $610 million each year as a result of cyberattacks.
  • On Long Island, businesses lose more than $855 million each year as a result of cyberattacks.

Numerous American employers, including Cisco, HP, Microsoft, Symantec, PayPal, eBay, McAfee, American Express, Mastercard and Visa, as well as Facebook, are supporting the Senators’ legislation.

“Microsoft strongly supports the International Cybercrime Reporting and Cooperation Act and applauds Senators Gillibrand and Hatch for their leadership in this area,” said Fred Humphries, Managing Director of US Government Affairs, Microsoft Corp. “This legislation is a great step forward toward accessing the technology capabilities and judicial remedies of foreign countries to combat cybercrime and provide a safer, more trusted and secure Internet.”

"We support efforts to increase global awareness of cybersecurity issues, and to improve cybersecurity and investigations of cybercrime,” said Tucker Foote, Vice President & Head of U.S. Government Affairs, MasterCard Worldwide. “We believe [this] legislation provides useful tools to further those goals and to provide a safer environment for U.S. consumers and businesses to operate in today’s technology-driven world."

Criminals are increasingly going after online financial data – costing businesses and individuals billions. In fact, each data breach costs American businesses an average of $6.6 million.

Cyber exploitation activity has grown more sophisticated and targeted over the past year and is expected to increase. Relevant international cybercrime agreements have not been signed by certain key countries that host cyber criminals with apparent impunity.

To boost America’s cybersecurity, improve our coordination with allies, and establish tough new ways to crack down on cyber threats internationally, Senators Gillibrand and Hatch today introduced the International Cybercrime Reporting and Cooperation Act.

Annual Presidential Report

The bill would require the President to annually report to Congress on the assessment of the state of countries’ use of information and communications technologies (ICT) in critical infrastructure, the extent and nature of cybercrime based in each country, the adequacy and effectiveness of each country’s legal and law enforcement systems addressing cybercrime, and countries’ protection of consumers and commerce online. The President would also report on multilateral efforts to prevent and investigate cybercrime, including U.S. actions to promote such multilateral efforts.

Deliver Foreign Assistance to Prevent Cybercrime Havens

The bill would require that programs designed to combat cybercrime be prioritized to countries with low ICT penetration, in order to prevent such countries from becoming future cybercrime havens. Also, U.S. or multilateral assistance designed to improve critical sectors such as finance or telecommunications would be encouraged to include programs designed to combat cybercrime, in order to ensure that such assistance is not inadvertently being used to build future crime havens.

Identify Countries of Cyber Concern

The bill would require the President to identify countries of cyber concern, where there is significant, credible evidence that a pattern of cybercrime against the U.S. Government, private entities or persons by persons from within such countries’ borders exist, and identify such countries that do not sufficiently address cybercrime through investigations, prosecutions, bilateral or international cooperation, or appropriate legislation or similar measures.

For each country of cyber concern, the President would establish an action plan with benchmarks designed to assist the government of each country to improve its capacity to combat cybercrime. This plan would be developed and carried out in consultation with the county of concern, in order to encourage them to reach the benchmarks. The President would provide an annual assessment of the country’s participation in the action plan.

The President could waive the requirement to develop an action plan for any country if it is in the national interest, and report such waiver to Congress, in classified form if necessary.

 

Failure to Meet Action Plan Benchmarks

Countries of cyber concern that do not reach their benchmarks may have one of the following benefits suspended, restricted or prohibited: new OPIC or ExIm financing, new multilateral financing, new TDA assistance, preferential trade programs, or new foreign assistance, as long as such do not limit projects to combat cybercrime.

Department of State International Cybercrime Policy Focus

In order to improve the U.S. focus on addressing international cybercrime, the bill would require the Secretary of State to designate a senior official at the State Department to coordinate and focus on activities, policies and opportunities to combat cybercrime internationally, and in consultation with other Federal agencies and the relevant chiefs of mission, appoint employees at key embassies to focus on cybercrime policy.