Legislation Would Foster International Coordination, Require Crackdown on Cyber Criminals In Foreign Countries That Offer Them Havens

As New York businesses lose approximately $4.6 billion as a result of cyber attacks and with a growing threat of cybercrime internationally, Rep. Yvette D. Clarke joined U.S. Senators Kirsten Gillibrand (D-NY) and Orrin Hatch (R-UT) to introduce the House companion of the International Cybercrime Reporting and Cooperation Act, H.R. 4692 – new bipartisan legislation that would enhance America’s cooperation with other countries to combat cybercrime and keep America safe. This bipartisan legislation received support from senior New York and Homeland Security Committee lawmakers. Original cosponsors are U.S. Representatives Peter King (R-NY), Anthony Wiener (D-NY), Bennie Thompson (D-MS), Loretta Sanchez (D-CA), and Laura Richardson (D-CA).

“Cybersecurity is a key tool in our national security infrastructure,” Rep. Clarke said. “Cyberspace has no borders or boundaries. The international community must go after cyber criminals wherever they may be, or our American businesses and consumers will continue to suffer. The new legislation will require the president to provide a global assessment, identify threats from abroad, work with other countries to crack down on their own cyber criminals.”

“Protecting the nation’s cyber networks against hackers and other threats is a huge security challenge,” said Rep. Loretta Sanchez, Vice Chair of the House Homeland Security Committee. “This is a global effort, one that requires the intelligence capabilities and cooperation of the entire international community. We can take steps to strengthen our own cyber networks, but without consulting our allies, the security of the entire system is at risk.”

“The importance of having effective cybersecurity policies grows with each passing day. We can no longer allow hackers to run roughshod over America’s computer networks,” Weiner said. “This legislation turns the floodlights on countries that shelter cyber thieves and will help the U.S. protect itself from future attacks.”

Earlier this year, hackers in China launched a large, sophisticated attack on Google and other American businesses. A conservative estimate from the Government Accountability Office (GAO) estimates that in 2005 U.S. businesses lost $67.2 billion as a result of cyberattacks. Since then, attacks have dramatically increased. The global economy overall lost over $1 trillion in 2008 as a result of cyber attacks, according to studies by McAfee, Inc. Based on these conservative estimates, New York businesses lose more than $4.6 billion each year as a result of cyberattacks.
Numerous American employers, including Cisco, HP, Microsoft, Symantec, PayPal, eBay, McAfee, American Express, Mastercard and Visa, as well as Facebook, are supporting the identical Senate legislation.

Criminals are increasingly going after online financial data – costing businesses and individuals billions. In fact, each data breach costs American businesses an average of $6.6 million. Cyber exploitation activity has grown more sophisticated and targeted over the past year and is expected to increase. Relevant international cybercrime agreements have not been signed by certain key countries that host cyber criminals with apparent impunity.

The International Cybercrime Reporting and Cooperation Act, H.R. 4692 includes five key provisions:

Annual Presidential Report
The bill would require the President to annually report to Congress on the assessment of the state of countries’ use of information and communications technologies (ICT) in critical infrastructure, the extent and nature of cybercrime based in each country, the adequacy and effectiveness of each country’s legal and law enforcement systems addressing cybercrime, and countries’ protection of consumers and commerce online. The President would also report on multilateral efforts to prevent and investigate cybercrime, including U.S. actions to promote such multilateral efforts.

Deliver Foreign Assistance to Prevent Cybercrime Havens
The bill would require that programs designed to combat cybercrime be prioritized to countries with low ICT penetration, in order to prevent such countries from becoming future cybercrime havens. Also, U.S. or multilateral assistance designed to improve critical sectors such as finance or telecommunications would be encouraged to include programs designed to combat cybercrime, in order to ensure that such assistance is not inadvertently being used to build future crime havens.

Identify Countries of Cyber Concern
The bill would require the President to identify countries of cyber concern, where there is significant, credible evidence that a pattern of cybercrime against the U.S. Government, private entities or persons by persons from within such countries’ borders exist, and identify such countries that do not sufficiently address cybercrime through investigations, prosecutions, bilateral or international cooperation, or appropriate legislation or similar measures.

For each country of cyber concern, the President would establish an action plan with benchmarks designed to assist the government of each country to improve its capacity to combat cybercrime. This plan would be developed and carried out in consultation with the county of concern, in order to encourage them to reach the benchmarks. The President would provide an annual assessment of the country’s participation in the action plan.

The President could waive the requirement to develop an action plan for any country if it is in the national interest, and report such waiver to Congress, in classified form if necessary.

Failure to Meet Action Plan Benchmarks
Countries of cyber concern that do not reach their benchmarks may have one of the following benefits suspended, restricted or prohibited: new OPIC or ExIm financing, new multilateral financing, new TDA assistance, preferential trade programs, or new foreign assistance, as long as such do not limit projects to combat cybercrime.

Department of State International Cybercrime Policy Focus
In order to improve the U.S. focus on addressing international cybercrime, the bill would require the Secretary of State to designate a senior official at the State Department to coordinate and focus on activities, policies and opportunities to combat cybercrime internationally, and in consultation with other Federal agencies and the relevant chiefs of mission, appoint employees at key embassies to focus on cybercrime policy.

# # #