The United States is increasingly becoming the victim of cyber-attacks originating from China and Iran – as conflicting American interests try to come up with new regulations to reduce the risk.
The alarming frequency of the assaults require that lawmakers soon adopt a cyber-security law, which would allow for more exchange of information by companies about cyber-threats, officials said on Thursday.
“The United States faces a significant and ongoing cyber security threat today; one that presents grave issues of national and economic security. … The technological leadership and national security of the United States is at risk because some of our most innovative ideas and sensitive information are being brazenly stolen by these cyber attacks,” U.S. Rep Mike Rogers (News - Alert), (R-Mich), said in a statement before the House Intelligence Committee, which he chairs.
Since last year, Rogers said that China’s economic cyber espionage against U.S. companies “has not diminished” but “has grown exponentially both in terms of its volume and the damage it is doing to our nation’s economic future.”
“The Chinese intelligence services that conduct these attacks have little to fear because we have no practical deterrents,” he added.
In addition, the Iranians and their government are being blamed for increasing distributed denial of service (DDoS) attacks on U.S. networks over the last year, Rogers said.
“I have heard nothing to dissuade me from the conclusion that the Iranian government is behind these attacks,” Rogers said. “If you take a step back, and put these Iranian cyber attacks in context, you begin to see a pattern of steady asymmetric, and often lethal, Iranian attacks on the United States.”
He pointed out, too, how a virus called Shamoon infected computers at the Saudi Arabian State Oil Company Aramco last summer. Iran is the suspected source of the virus. Shamoon replaced files with an image of a burning U.S. flag. More than 30,000 of Aramco’s computers that it infected were replaced.
Rogers and C.A. “Dutch” Ruppersberger, (D-MD), reintroduced a bill this week in Congress, which among other things provides legal protection for companies that share cyber threat information with each other and the government.
“Our bill provides positive authority to the government to provide classified cyber threat information to the private sector, and knocks down the barriers that impede cyber threat information sharing among private sector companies, and between private sector companies and the government,” Rogers said in his statement. “It does all this with strong restrictions and safeguards to protect the privacy and civil liberties of Americans.”
“Every day, and as we speak, our Government and private sector companies are under attack,” Ruppersberger added in his statement. “Nations are trying to steal our military and intelligence secrets, as well as our companies’ most valuable trade secrets, threating U.S. profits and American jobs. They are trying to steal our financial information, and our most private health records.”
Ruppersberger also praised President Barack Obama for issuing an executive order to come up with voluntary standards for sectors such as power grids. The order also allows government agencies to share more cyber-threat information with the private sector.
In addition, John Engler, president of the Business Roundtable, testified that “Cybersecurity is a bottom line issue for the more than 200 CEOs of Business Roundtable and a top-level national economic issue because America’s strategic information assets are a platform for commerce and economic growth. Our CEOs are responsible for a significant portion of America’s critical infrastructure including major portions of the financial services, electric power, oil and gas, telecommunications, defense and chemicals industries. No one has a greater incentive to protect critical systems – or greater knowledge of how to do so – than the businesses that own and operate these critical systems. Information systems constitute the very core of business operations and relationships with customers and suppliers.”
He adds there needs to be “robust, two-way information sharing, with appropriate legal and privacy protections, between business and government. The public-private information sharing partnerships in place today are good but not good enough. They are not sufficiently capable of responding to escalating threats.”
Overall, there was a mixed reaction to the cyber security plan from Obama this week – with many officials saying it doesn’t go far enough, some supporting it, and others wondering if it’s needed at all, TechZone360 reported.
Obama also wants to see Congress approve additional steps to increase cyber security for the power grid, financial institutions and air traffic control system – even though last year legislators failed to approve a far-reaching proposal. Some argued it added burdensome regulations on businesses.
Edited by Brooke Neuman