• The Heritage Network
    • Resize:
    • A
    • A
    • A
  • Donate
  • Morning Bell: Stopping the Cyber Espionage Threat

    From the moment that Japan attacked Pearl Harbor, America learned that it is not an impenetrable fortress protected by thousands of miles of ocean, and on September 11, we were tragically reminded of that fact. Likewise, there is a new kind of threat to the United States that knows no territorial boundaries, but this one travels neither by land, by sea or by air. It’s the threat to America’s cyber security, and today Congress has the opportunity to do something about it.

    Whether you know it or not, hackers are busy at work all around the world striking the United States via the Internet in an attempt to steal valuable intellectual property and sensitive information. Using the same methods, these perpetrators of cyber espionage could attack the critical infrastructure that keeps America running, such as the nation’s power grid and water supply.

    China is a major cyber espionage culprit. According to the House Permanent Select Committee on Intelligence, U.S. companies have reported Chinese attempts to steal client lists, merger and acquisition data, pricing information, and the results of research and development efforts — all of which gives foreign companies an unfair competitive advantage. That intellectual property theft also costs big money — ranging up to $400 billion per year, not to mention the jobs that go along with it.

    Though the United States government has the capability to protect itself against cyber espionage by using both classified and unclassified cyber threat information, the private sector doesn’t get the benefit of this information. Today, the House of Representatives will vote on a crucial bill to do something about it — the Cybersecurity Information Sharing and Protection Act (CISPA), introduced by House Permanent Select Committee on Intelligence chairman Mike Rogers (R-MI) and ranking member Dutch Ruppersberger (D-MD).

    Under CISPA, the U.S. government will be able to share information about incoming cyber attacks — that includes providing American companies details on malware, viruses, and other malicious code that pose a threat to their security. That way, attacks can be stopped before they even begin. For their part, the companies would be encouraged to share information about the threats they identify — all on a completely voluntary basis — so that other networks can be protected. And that’s valuable information that computer analysts can use to understand the attack, who launched it, where it’s coming from, and how to protect against other attacks like it.

    Civil liberty advocates and other critics of the bill have raised concerns that CISPA is a threat to privacy or could result in the blocking of websites, as was the worry with the Stop Online Piracy Act. However, nothing could be further from the truth

    Analysis of the bill shows that CISPA does not allow for any blocking of websites but merely facilitates the sharing of cyberthreat information. It gives no additional authority to the Department of Defense, the National Security Agency, or any other “element of intelligence community to control, modify, require or otherwise direct the cybersecurity efforts of a private-sector entity or a component of the Federal Government or a State, local, or tribal government.”

    In addition, the bill includes new measures that would allow the government to use shared cybersecurity information only for a cybersecurity purpose, for a national security purpose, to prevent death or serious bodily harm, or to protect minors from sexual exploitation, kidnapping, and trafficking. That’s in addition to other protections against the improper use of data.

    Rogers warns that, “Without important, immediate changes to American cybersecurity policy, I believe our country will continue to be at risk for a catastrophic attack to our nation’s vital networks – networks that power our homes, provide our clean water or maintain the other critical services we use every day.” Rogers is right. As Americans know all too well, the United States is not invincible. Though the nature of the threats may change, the need to defend ourselves remains. The Cybersecurity Information Sharing and Protection Act is a valuable resource in that fight.

    Quick Hits:

    Posted in Security [slideshow_deploy]

    41 Responses to Morning Bell: Stopping the Cyber Espionage Threat

    1. teddy says:

      The US government has no right or reason to "share" data with internet users without a warrant. Patriot Act is a bigger threat to our security than any Chinese, because it has been festering distrust branching into outright fear of the US regimes of this century, and frightened men are dangerous.

    2. Rich Teti says:

      Private Companies and individuals should protect and police their own information. CISPA is another threat to individual freedom and should not be passed.

      • stephen says:

        Yea, why does this article put the cost on taxpayers?

      • David Inserra says:

        Rich Teti,

        When targeted by states such as Russian, Iran, China, of course the government has a role in protecting U.S. individuals and companies from these attacks. If Chinese forces landed in D.C., we wouldn't tell private companies in D.C. that they alone were responsible for their defense. The government does have a role in "providing for the common defense" and specifically Section 8 of Article 1. CISPA mandates and forces nothing and simply helps the private sector defend against these attacks which are often sponsored by unfriendly states. CISPA costs almost nothing in comparison the cost of regulations and the cost of information that is stolen daily by these malicious actors.

        • John Washburn says:

          Actually, Yes, I would expect private citizens and private companies to respond.

          That is why a well-regulated militia is protected with the second amendment to have access "to all of the terrible implements of the soldier" (e.g. RPG for the drones, full auto Uzi, .50 caliber rifles, claymores, etc.)

          Contrary to the domesticated think tanks (e.g. Heritage and the NRA) pistols and deer rifles are protected under the 9th amendment as part of my un-enumerated, but un-disparaged, right to self-defense and the instrumentalities thereof.

          • David Inserra says:

            John,

            Note what I said:

            "If Chinese forces landed in D.C., we wouldn't tell private companies in D.C. that they *alone* were responsible for their defense."

            I specifically did not say what you said I said. Individuals and private groups do have a role to defend themselves. However currently, they are alone in fighting off cyber attacks and the Constitution clearly envisions a role for the federal government in protecting its citizens from attack. Perhaps a better example would have been piracy. While private citizens and companies should protect themselves from piracy (Heritage had an event on private maritime security forces a couple months ago), the Constitution clearly allows Congress to "define and punish piracies and felonies committed on the high seas.

        • Jack says:

          Using the Constitution to argue that the government has this right when that same government has used the Constitution as toilet paper seems a little illogical.

          After the Patriot act, NDAA and the president giving himself the power to assassinate US citizens around the world, with just a suspicion, one would think that more people wouldn't just blindly swallow what the propaganda machines were feeding them.

          Unlike all the other policies that have been used to get their grimy little fingers further into our lives I'm sure CISPA will really do us some good and bring back all those other liberties the government has taken from us.

          If you believe that I got a bridge to sell you.

        • Joseph McKennan says:

          I am less opposed to protecting from cyber threats than I am in a sweeping, force it down my throat intrusion. The way this government forced Obamacare on the citizens is equivalent. This is America. We used to be able to debate and get used to proposals like this. Now we get it whether we want it or not and if we don't subscribe we go to prison. Count me out.

    3. Jim says:

      You can't even let the government get their toe in any door because sooner or later they will kick it open.
      Remember what Benjamin Franklin said;
      "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety."

    4. teddy says:

      Does anyone really believe that this regime is any better than the last? It's carrying on the same policies, with the same results, as the last one. Do we really want the boys who brought us "too big too fail" and Solyndra in charge of the information flow of the internet?

      • gene says:

        Thanks for voting for all the "Hope and Change". At least many of those same people realize their mistake and are looking for change again. Not sure we really have much hope in any of the candidates that we have been given. Hate to think its to late but it does seem like it may be. Our government is out of control and way to many citizens seem willing to follow. Teddy you may not have voted for him even though it would would appear from your comments you probably did. All can be forgiven though as long as a large majority can consolidate and agree that we need BIG change in both parties.

    5. Mike says:

      Mike,
      As an engineer who has deployed large-scale classified systems I am familiar with technologies and methods for securing systems. With authority I can say that technology exists to provide far more robust cyber security than is actually deployed. That business does not do this is a statement, to the extent that markets are free, that it is cheaper to clean up after a cyber attack than it is to prevent one.
      I have a vague understanding that government provides some limits on their liability regarding the fallout from a cyber attack. To the extent that government provides a shield (e.g. victims bear the burden) then the markets once again are not allowed to work.
      In any case, sharing cyber attack information is a good thing to do. A better thing to do, if economically feasible, is to make the systems must harder, which in turn raises the cost and expertise required to conduct successful cyber attacks. My sense is that this will happen after a successful, large-scale, debilitating cyber attack occurs, and if that's the case we can only hope that we don't let this good crisis go to waste.

    6. Lyn says:

      I am wondering that with any government interference if this won't go further then originally intended. We have many examples of when the government says it's for our own good, we lose individual rights and freedoms. And that worries me about this bill. Not saying that this cyber attack is not a very real threat to America. If it were mishandled, and we see that alot, it could be very problematic for American privacy rights.

    7. I agree with stopping the cyber espionage. I do not agree with building massive firewall like the one china has built with the "ultimate on/off" switch. Nor do I agree with the current government building a massive data collection system that is aimed at collecting information on the citizens in this country.

      As to businesses in creating and installing IDS and firewall systems, have at it. However… Businesses see computer and network security as wasted money that could have been rolled into profits. They do not prioritize security as well as they should.

      On the flip side, DOD has been following the corporate mindset and planning in it's latest systems. Their managers take on this is "if it's good enough for civilian corporate, it's good enough for us". Unfortunately this idea of saving money by centralizing and building top-down command and control will be to their undoing. Army G6 is now filled with a lot of young punks that were not around when the network was built for survivability and redundancy.

      Sad to say the chinese will be eating our lunches because of piss poor planning by those that are too political, don't understand, don't care, don't think it's a priority.

    8. arh says:

      Keep private industry and the USG separate. Each can take individual precautions using whatever innovation their talent pool can develop. Collaboration should only be after the fact. The creepy march for control by the Government is relentless. Resistance is NOT futile! No to CISPA. Tell your reps.

    9. Glenn Palmer says:

      Do we really trust today's government to properly discern anything in regards to our Privacy? This and our new "observation drones"? Really. I watched an episode of "Harry's Law" and while originally humorous, by the end, it was not so funny. Want to trust the government, watch this first. A new documentary by GBTV. http://www.glennbeck.com/rumorsofwar/

    10. Wayne, La says:

      This is just another way that a bloated bureaucracy can manipulate and harm the people of the United States. It seems that the companies are doing a very good job now.

    11. Jason says:

      How could you fall so far so fast, Heritage Foundation? I am apalled and saddened by your sudden descent into useful idiocy. CISPA REQUIRES PRIVATE ENTITIES TO SHARE all cyber information (including credit card #s, etc.) at ANY TIMT and for ANY PURPOSE the government wants. All they have to do is mention National OR ceber- security and then they can do ANYTHING THEY WANT with that info. Call your reps and stop this heinous power grab NOW!!! >:-O
      Even with George Washington in power, this act would be an UnConstitutional government power grab!

      • David Inserra says:

        Jason,

        I would encourage you to read the bill text. The bill reads: "Nothing in this section shall be construed to permit the Federal Government to require a private-sector entity to share information with the Federal Government." That is about as clear as it can get. The government cannot force you share any information under any circumstance. What the bill does say, is that the government can use the information that is already shared with it for cyber/national security.

        • Jack says:

          Yes, and when the income tax was enacted they promised it would NEVER go above 7%… The government works with a "ratchet effect" — once a crisis has passed state power usually recedes again, but it rarely returns to its original levels; thus each emergency leaves the scope of government at least a little wider than before.

          CISPA will only be used to grab more power later on.

    12. AWM Indiana says:

      Each time we justify a violation of our liberties in the name of safety or security, we move closer to becoming those same countries we decried in years past (East Germany/USSR/Etc.)…..

    13. Paul says:

      Can we the people help do something about this cyber attacks or, contact our Congressmen?

    14. Blair Franconia, NH says:

      We were too late in stopping Pearl Harbor, we were too late in stopping September 11, 2001, we'd better NOT
      BE TOO LATE in stopping cyber espionage!

    15. AWM- Indiana says:

      Heritage:
      You do realize that you don't have to support or justify legislation, simply because it was sponsored by a Republican, right?
      I AM a believer in the value of the Heritage message- just concerned by what I see as a willingness to elevate a party line above "lines" in The Constitution, over which government is NEVER to cross…..

      • David Inserra says:

        AWM-Indiana,

        This bill was passed out of committee 17-1, a near unanimous and strong bi-partisan vote. Heritage is non-partisan and does not support specific legislation but we do support principles and policy ideas. We do not think the bill is good because it is sponsored by a Republican; we think it is a strong bill because it enhances our cyber and national security, does not add any regulations or mandates, and helps the private sector defend itself.

    16. Martin Dillian says:

      The fact is, if passed, CISPA would allow voluntary exchanges of personally identifiable information — including your firearms-related purchasing habits — to ANY government agency that wants it, including Eric Holder's ATF and Justice Department.

      CISPA was also written in broad enough fashion to potentially override every existing privacy law due to a "notwithstanding provision in law" clause that gives companies immunity for sharing your information with government agencies.

      Not good folks …. unintended consequences are both huge and negative.

    17. Heritage I side with you on many issues, but I consider this and the Patriot Act to be Unconsitutional and will never support such activity. You are wrong on this issue and need to reconsider your position. Go back and reread the US Constitution, you need the review!

    18. Did you guys actually read the bill? When I did, I considered it to be far to broadly written.

    19. RennyG says:

      The House is going to vote on a bill. That's nice, but what about the do nothing Senate and the big "O?" These guys are going to do nothing until election time when the big "O" puts them down again to gain votes!!!! They, the big "O" and his czars aren't concerned about our country!!!

    20. Rick says:

      Real conservatives should oppose this disastrous bill vehemently! Like everything else, this is a power-grab by the national security/corporatist state.

      Furthermore, we must discard of the notion that “intellectual property” is a legitimate form of private property rights. It is simply a form of protectionism for the movie and recording industry. For more on this, I suggest Stephen Kinsella’s excellent monograph “Against Intellectual Property,” which can be found for free at Mises.org

      • a librarian says:

        Although this is totally off the topic of the CISPA House vote, as a scholar, researcher and librarian I can't disagree with your ideas about intellectual property more. I work very hard to contribute an original voice and my original research to the scholarly dialogue, and I deserve my due credit for my work, including the protection of my work as intellectual property. The same goes for people who create movies, or companies that create source code or inventors with new ideas or writer who seek to publish. Yes – copyright laws have gotten out of control, and we are losing access to valuable historical content (like original Walt Disney films that are still under copyright and unable to be restored or re-released) However, some protection of intellectual property (as a legitimate form of private property) is neccessary to encourage the further development of our collective knowledge base.

    21. Gourdhead says:

      "Civil liberty advocates and other critics of the bill have raised concerns that CISPA is a threat to privacy or could result in the blocking of websites, as was the worry with the Stop Online Piracy Act. However, nothing could be further from the truth" excerpted from your article. If you think CISPA is not a threat to our vanishing civil liberties, you are either naive or stupid. This makes me almost angry enough to remove myself from your daily emails.

    22. Scott Fox says:

      Problem > Reaction >Solution

      Government: "Be afraid of hackers!"
      People: "Oh no, hackers!:
      Government: "Give me your money and I'll protect you!"
      People: "Where do I sign?"

      Wake up America, you're being lied to.

    23. Stirling says:

      I understand Heritage is just presenting the information as they see it. Heritage you have to understand the past 3+ years of government abuses into our personal lives makes some of us want the government to stop everything. .. Since they (Government) have no respect to slow down the assault on our lives, even this bill is seen as an intrustion.. and to get unamimous support seems suspisous (with all of washington's gridlock.)

      They (bearucrats) still don't listen, they don't act in our best intrest, and all we receive from our elected officals are Political Fundraising calls 24/7 asking to fork over more money that most of us dont have. They get into office and forget, or take us for granted, and think they "know whats best for us." It really is a joke..

    24. tHEgOVTiSnUTS says:

      Boy, am I glad I never got around to joining Heritage Foundation. I'm a conservative not a chump. CISPA is anti-American. Shame on you, Heritage!

    25. Joseph McKennan says:

      At first look the thought of our beloved government sending out hints that they want to save us from cyber attacks from the Chinese and others is reassuring but then you remember whose administration it is and the next response is 9*#@~&^#@.. unfit for print. I am fed up with government intrusion and reptiles who smile reassuringly til you let your guard down, then strike at your heart. I have lifelock and security software on my home PC so LEAVE ME ALONE.

    26. Ron Hert says:

      Why is it so well understood by the general public and less by the few supposedly-highly educated and writers.
      This Chicken-Little complex has cost the US tax-payor so much; all in the name of protecting America and in the end it always turns out to be from the US government's power-centralized need to control. To the government-I say the sky is not falling and as has been stated by the more experienced public, in this case more than this author supporting more govt. esponiage against American citizens. This motive to over-protect the US has given the public too little actual protection and far too much of US Sovernity lost; PBs 87-297 & 101-216, Obamacare, the Patriot Act, and many more Agenda 21 types, not counting the many unconstitutional laws of increased taxation. We can't even do an honest and complete background check on a presidential candidate-case in point-is Obama! Talk about government for the very few at the expense of the people-we need less government and more of a Republic form of govt. I say audit the Federal Reserve and monitor the power grabbing of the Democrats and RINOs.

    27. Jon says:

      this is not okay, i know this is a blog, but heritage just lost some credibility. "He who sacrifices freedom for security deserves neither." Ben Franklin

    28. azwayne says:

      I'm sorry, heritage is part of the propaganda media, where does their financing come from?? we have 1000's of agencies producing nothing but opinions, our money and assets should be going to people that PRODUCE products for sale, not opinions and propaganda.

    Comments are subject to approval and moderation. We remind everyone that The Heritage Foundation promotes a civil society where ideas and debate flourish. Please be respectful of each other and the subjects of any criticism. While we may not always agree on policy, we should all agree that being appropriately informed is everyone's intention visiting this site. Profanity, lewdness, personal attacks, and other forms of incivility will not be tolerated. Please keep your thoughts brief and avoid ALL CAPS. While we respect your first amendment rights, we are obligated to our readers to maintain these standards. Thanks for joining the conversation.

    Big Government Is NOT the Answer

    Your tax dollars are being spent on programs that we really don't need.

    I Agree I Disagree ×

    Get Heritage In Your Inbox — FREE!

    Heritage Foundation e-mails keep you updated on the ongoing policy battles in Washington and around the country.

    ×