Businesses say privacy and legal concerns prevent cybersecurity cooperation
By Andrew Conte
Published: Thursday, Feb. 14, 2013, 12:04 p.m.
WASHINGTON — Pervasive computer spying by the Chinese against the government and American companies is growing in volume and in damage, the chairman of the House Intelligence Committee said on Thursday.
“The technological leadership and national security of the United States is at risk because some of our most innovative ideas and sensitive information are being brazenly stolen by these cyber attacks,” committee chair Rep. Mike Rogers, R-Mich., said at a hearing on legislation to thwart computer attacks.
China prohibits cyber attacks and has done what it can to combat such activities in accordance with Chinese laws, Yuan Gao, a spokesperson at the Chinese embassy, told the Tribune-Review in response to Rogers' remarks.
“China is a major victim of hacker attacks and suffers from frequent attacks from abroad,” Yuan said, adding that “China would like to work with the U.S.” to combat such attacks.
Business leaders testified before the committee about the proposed Cyber Intelligence Sharing and Protection Act, which is aimed at thwarting computer attacks and better responding to them when they occur. Witnesses called for more legal protections and coordination with the government.
Antitrust laws and concerns about getting sued over sharing private information prohibit companies from working with the government and each other when they suspect computer crimes, said John Engler, a former Michigan governor who heads the Business Roundtable, an association of corporate CEOs.
“No one has a greater incentive to protect critical systems — or greater knowledge of how to do so — than the businesses that own and operate these critical systems,” Engler testified. “Cybersecurity threats are presenting risks to these systems that neither the public nor the private sector, acting unilaterally, can protect against.”
Businesses need a Facebook for sharing computer security threats because some companies are better than others at sharing information and protecting their systems, said Kevin Mandia, founding CEO of Mandiant, a computer security company.
He warned that rampant information stealing could quickly turn into something more dangerous.
“The access they have does not inhibit them from deleting and destroying things,” Mandia told members of the House Intelligence Committee. “They have had the access but not the will to do so.”
In “Cyber Rattling: The Next Threat,” a series of Trib stories on cybersecurity that began on Sunday, experts warned about a global war over information that could quickly escalate with destructive — perhaps deadly — computer attacks.
“Too often, companies that would like to share information about attacks are prevented or deterred from doing so because of a range of policy and legal barriers,” said Rogers, who blamed the Chinese for a “breathtaking” level of computer spying.
Rogers also cited the recent denial of service attacks on U.S. banks, which prevented some customers from accessing online accounts. He blamed Iran as the source of the attacks. Iran has denied responsibility.
Part of the problem for businesses is that they do not always know they're even under attack, Engler said.
“Sometimes these threats are developing from someplace outside the country or at a level where it's not even understood that somebody is under attack,” he said. “…There is no doubt in the business community that we have to have information from the intelligence community.”
While the proposed bill would improve information sharing, lawmakers need to fund better computer security research and to update the criminal code to address computer crimes, said Paul Smocer, president of BITS, the technology policy division of The Financial Services Roundtable, a banking and investment industry trade group.
“Cyber criminals are taking advantage of a global system, the Internet,” Smocer said. “They are expanding their capabilities and exploiting the inherent trust we all have in the World Wide Web to conduct malicious activity.”
Despite concerns about revealing sensitive private data, Smocer said companies mainly would share technical data about the nature and source of computer attacks. Under the proposed law, companies would be asked to report information about computer and national security threats, child pornography, dangers facing children and imminent attacks such as a murder plot.
Rep. C.A. “Dutch” Ruppersberger, D-Maryland, the ranking member on the House Intelligence Committee, said the government must act quickly. A similar computer security bill failed last year over business concerns about government overreach. That led President Obama this week to sign an executive order on cybersecurity that calls for a cooperative government-business effort to protect computer systems.
“Our government and private sector companies are under attack,” Ruppersberger said. “Nations are trying to steal our military and intelligence secrets, as well as our companies' most valuable trade secrets, threatening U.S. profits and American jobs.”
Staff Writer Lou Kilzer contributed to this report. Andrew Conte is a reporter for Total Trib Media. He can be reached at 412-320-7835 or firstname.lastname@example.org.
Show commenting policy
TribLive commenting policy
You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.
We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.
While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.
We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers.
We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.
We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.
We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.
We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.
- Analysis: Steelers could fill needs with free agents while not spending big bucks
- Steelers to release LaMarr Woodley; Taylor restructures contract
- Crosby lifts Penguins over Capitals in last game of road trip
- Sbarro again files for bankruptcy reorganization
- Community cooperation credited in Glassport shooting arrests
- Charges expected in fatal Duquesne accident
- Health secretary sees benefits of SPHS Primary Care
- Lincoln Way upgrade begins
- Bill would limit private meeting circumstances
- Job cuts at AGH part of ‘strategic’ process
- Mt. Pleasant Rotary makes donations to community organizations