By MacDonnell Ulsch and Michael J. Sullivan, Esq.
We urge President Obama to support H.R. 3523, the Cyber Intelligence Sharing and Protection Act, a bipartisan effort combating the very real and escalating digital threat. This legislation is one of the few contemporary demonstrations of agreement between Republicans and Democrats. Passed on April 26 by a vote of 248-168, including 42 votes by House Democrats, there is good cause for both sides of the political aisle to cooperate.
Authored by Rep. Mike Rogers (R-MI) and Rep. Dutch Ruppersberger (D-MD), respectively the chairman and ranking member of the House Intelligence Committee, the bill will allow the U.S. intelligence community and private industry to share certain information about the complex array of cyber threats. Under strict rules and conditions, defined by the Director of National Intelligence and monitored by Congress, industry and government will be able to more effectively coordinate a defense against potentially devastating cyber attacks.
The Internet is used by hackers to commit cyber terrorism, cyber warfare, cyber disruption, cyber disinformation, and cyber crime, including proprietary information theft.
A recent defense report indicates that hackers attack the U.S. Navy computer network 87 million times a month. But the defense infrastructure is not the only target. Far from it. Cyber attacks are aimed at critical infrastructure disruption, the theft of corporate intellectual property, trade secrets, and regulated personal information such as social security numbers, financial account information, and health records.
It is currently illegal to share information
Government and industry are currently unable to share cyber threat information. Under Title XI of the National Security Act of 1947, it is illegal to share this information. H.R. 3523 would amend the National Security Act, allowing the government and industry to cooperate in the national cyber defense.
It is worth noting that restrictions imposed on information sharing within and between federal law enforcement and intelligence agencies contributed to the attacks of 9/11.
We are at war, and not just in Afghanistan. The extended battlefield of cyberspace reaches deep into our workplaces and even our homes. It is a digital battlefield, cloaked in anonymity, comprised of armies of cyber warriors and terrorists, armed with everyday technology that dwarfs the computational power that placed astronauts in space and that won the Cold War.
These hackers work for our nation-state economic competitors, as well as for our military adversaries, including Iran. Some operate independently while others sell their hacking services to the highest bidder. The impact of a diversified cyber threat can be measured not only in terms of the economy, but in national security.
Secrets behind future prosperity at risk
More than a hundred nations are engaged in cyber and economic espionage against the U.S. China leads the long list of nations illegally acquiring intellectual property and trade secrets. China’s Program 863 is a blueprint of the various technologies it needs to compete successfully in a global market. Quite simply, stealing information provides competitors with faster times to market and a lower market entry cost—zero cost for research and development. China is the acknowledged master of intellectual property theft, despite its denials.
The annual cost for the U.S. can be measured in the hundreds of billions of dollars. But there is a greater potential impact.
A domino effect
In an increasingly hostile and technologically powered world, the theft of technology secrets has a domino effect, impacting the future of the U.S. domestic economy, as well as the economies of many allied nations, some of which are both competitors and partners. The strategic impact of technology theft includes potentially severe commercial, diplomatic, military, defense, and intelligence implications.
Victim companies will be less competitive. Other consequences include a decline in job creation and a loss of existing jobs. This means lowered tax revenues from companies and the employees who lose jobs. Fewer tax dollars result in increased pressure to cut critical government services, such as, our military. Investor and shareholder loss will result in diminished appetite for future investment.
An uncertain future for the Bill
While the outcome of a Senate vote remains uncertain, the President has said he will veto the bill if it lands on his desk.
A veto of this bill is the digital equivalent of muffling the communications capability of the American Revolution’s Minute Men, who served as an early warning and response system. Would the British attack by land or by sea? It is hard to fathom such an information and intelligence gulf between the colonial militia, the blacksmith, the farrier, the silversmith, and the lamp maker on April 18, 1775.
One thing we do know. The next attacks will come not only by land or by sea, but by way of the Internet, ironically a communications system of last resort devised to prevent mutually assured destruction in a nuclear war. The real question is, how will we know if a cyber attack is about to happen? Perhaps the Cyber Intelligence Sharing and Protection Act should have been named the Paul Revere Act of 2012. Maybe then it would pass with less resistance from the President’s desk and become the law of the land. We would all be better off for it.
MacDonnell Ulsch is the CEO of ZeroPoint Risk Research LLC and the author of the book “THREAT! Managing Risk in a Hostile World.” Michael J. Sullivan, Esq., served in Administration of President George W. Bush as the United States Attorney for the District of Massachusetts and Director of Alcohol, Tobacco, Firearms, and Explosives. He is a partner in the Ashcroft Sullivan LLC law firm and serves as an Executive Research Fellow at ZeroPoint Risk Research LLC.