New Bill Proposes Sanctions for Countries Lax on Cybersecurity
In an effort to address the global nature of the cybersecurity problem U.S. Sens. Gillibrand and Hatch have proposed legislation that would require U.S. assessments of cybercrime in other nations and open the door to possible sanctions against those who do not cooperate sufficiently to attack cybercrime within their borders.
03/25/10 9:38 AM PT
A new bill introduced in the Senate on Tuesday aims to put the United States in a leading role in the global fight against cybercrime.
Dubbed the "International Cybercrime Reporting and Cooperation Act," the bipartisan legislation was introduced by Sen. Kirsten Gillibrand, D-N.Y., and Sen. Orrin Hatch, R-Utah, in response to the growing threat of cyberattacks such as those perpetrated earlier this year against Google and other U.S. companies.
The new legislation will help the U.S. identify threats from abroad and work with other countries to crack down on their own cybercriminals. It will also recommend cutting off U.S. assistance and resources for countries that refuse to take responsibility for cybersecurity.
$1 Trillion Lost Globally
"Cybercrime is a serious threat to the security of the global economy, which is why we need to coordinate our fight worldwide," Sen. Hatch explained. "Until countries begin to take the necessary steps to fight criminals within their borders, cybercrime havens will continue to flourish."
The new bill will not only help deter cybercrime but also "prove to be an essential tool necessary to keep the Internet open for business," he added.
In 2005, U.S. businesses lost US$67.2 billion as a result of cyberattacks, according to Government Accountability Office (GAO) estimates cited by the sponsoring senators.
The global economy overall lost over $1 trillion in 2008 as a result of cyberattacks, according to statistics from security firm McAfee, they said.
Companies including Cisco, HP, Microsoft, Symantec, PayPal, eBay, McAfee, American Express, Mastercard, Visa and Facebook all support the new legislation, the senators said.
Google did not respond by press time to the E-commerce Times' request for comment.
Last week, Sen. Jay Rockefeller, D-W.Va., and Sen. Olympia Snowe, R-Maine, introduced similar legislation aimed at making cybersecurity a focus of new attention in both the public and private sectors. That bill, S. 773, was approved Wednesday morning during a Commerce, Science & Transportation Committee hearing.
"We absolutely do need a renewed and heightened focus on cybercrime, and we also absolutely need to be doing this from an international dimension," Larry Clinton, president of the Internet Security Alliance, told the E-Commerce Times.
An International Focus
The international nature of cybersecurity is often not fully appreciated, Clinton noted.
The result "is that we tend to think of solutions to the problem that are really 20th century sorts of solutions," he explained. "The notion that the U.S. government can set a standard or pass a law to make us safe fundamentally misunderstands" the problem.
When the Rockefeller-Snowe bill was first introduced, in fact, "it was highly regulatory and government-focused" in nature, Clinton pointed out. Since then, its focus has matured significantly, he added.
'We Clearly Lead in Cybersecurity'
"The U.S. government has inadequately addressed the need for global cooperation and a harmonized framework" in the fight against cybercrime, agreed Jody Westby, CEO of Global Cyber Risk and distinguished fellow with Carnegie Mellon CyLab.
The Gillibrand-Hatch bill is "very important in that it requires the U.S. government to start taking a more global view of cybercrime," she added. Westby led the development of the ITU toolkit, which provides sample legislation countries can use to develop cybercrime laws harmonized with those of other nations.
The United States "has to understand that we now comprise only about 12 percent of the online population," Westby told the E-Commerce Times. "We clearly lead in cybersecurity and have to start asserting our leadership. The measures in this bill will go a long way toward doing that and raise awareness globally of where the problems are."
In short, "the senators have identified a very critical gap that has existed in cybersecurity," Westby concluded. "This could help focus and coordinate the U.S. government on global cybercrime in way it hasn't before."
'A Worldwide Effort'
The world is borderless when it comes to cybercrime, Parry Aftab, privacy lawyer and executive director of WiredSafety, told the E-Commerce Times.
"We have attacks from other countries, and we have people here cooperating with others in organized cybercrime around the world," she explained, so we "have to see it as a worldwide effort."
If the new bill "allows you to bridge the different legal systems, that can only be a good thing," Aftab concluded. "My only caution is that privacy experts look at it as well to protect the rights of U.S. citizens, no matter where they are in the world."