Stop cyber espionage threat

Opinion: May 21, 2012 at 12:00a.m.

By Mike Brownfield

Heritage Foundation

From the moment that Japan attacked Pearl Harbor, America learned that it is not an impenetrable fortress protected by thousands of miles of ocean. And on 9/11, we were tragically reminded of that fact.

Likewise, there is a new kind of threat to the United States. It knows no territorial boundaries. It travels neither by land, by sea or by air. It’s the threat to America’s cyber security.

Hackers are busy at work all around the world striking the United States via the Internet in an attempt to steal valuable intellectual property and sensitive information. Using the same methods, these cyber spies could attack the critical infrastructure that keeps America running, such as the nation’s power grid and water supply.

Cyber-espionage culprit

China is a major cyber-espionage culprit. According to the House Permanent Select Committee on Intelligence, U.S. companies have reported Chinese attempts to steal client lists, merger and acquisition data, pricing information, and the results of research and development efforts — all of which gives foreign companies an unfair competitive advantage.

That intellectual property theft also costs big money — ranging up to $400 billion per year, not to mention the jobs that go along with it.

Though the United States government has the capability to protect itself against cyber espionage by using both classified and unclassified cyber-threat information, the private sector doesn’t get the benefit of this information.

The House of Representatives recently passed a bill designed to do something about that: the Cybersecurity Information Sharing and Protection Act, introduced by House Permanent Select Committee on Intelligence chairman Mike Rogers, R-Mich., and ranking member Dutch Ruppersberger, D-Md.

Under CISPA, the U.S. government will be able to share information about incoming cyber attacks. That includes providing American companies details on malware, viruses and other malicious code that pose a threat to their security. That way, attacks can be stopped before they even begin.

For their part, the companies would be encouraged to share information about the threats they identify — all on a completely voluntary basis — so that other networks can be protected. That’s valuable information that computer analysts can use to understand the attack, who launched it, where it’s coming from, and how to protect against other attacks like it.

Civil liberty advocates and other critics of the bill have raised concerns that CISPA is a threat to privacy or could result in the blocking of websites, as was the worry with the Stop Online Piracy Act. Nothing could be further from the truth.

CISPA does not allow for any blocking of websites. It merely facilitates the sharing of cyber-threat information. It gives no additional authority to the Department of Defense, the National Security Agency, or any other “element of intelligence community to control, modify, require or otherwise direct the cyber-security efforts of a private-sector entity or a component of the Federal Government or a State, local, or tribal government.”

In addition, the bill includes new measures that would allow the government to use shared cyber-security information only for a cyber-security purpose, for a national security purpose, to prevent death or serious bodily harm, or to protect minors from sexual exploitation, kidnapping, and trafficking. That’s in addition to other protections against the improper use of data.

Catastrophic attack

Rogers warns that, “Without important, immediate changes to American cyber-security policy, I believe our country will continue to be at risk for a catastrophic attack to our nation’s vital networks — networks that power our homes, provide our clean water or maintain the other critical services we use every day.”

He’s right. As Americans know all too well, the United States is not invincible. Though the nature of the threats may change, the need to defend ourselves remains, whether it’s at sea, in the air, on the ground — or in cyber space.

Mike Brownfield is assistant director of strategic communications at The Heritage Foundation, Washington, D.C. Distributed by McClatchy-Tribune Information Services.