Two extremely important pieces of pending cybersecurity legislation took significant steps forward in Washington last week.
For many of us who have devoted years of their careers to advancing support for more effective international cybercrime enforcement, the last week has represented a critical timeframe.
With the introduction before the U .S. Senate of the International Cybercrime Reporting and Cooperation Act, and the passage of the 2009 Cybersecurity Act by the Senate Commerce, Science and Transportation Committee in Washington, two extremely strategic pieces of proposed legislation attained important milestones.
The Cybercrime Reporting and Cooperation Act, bipartisan legislation introduced by Sen. Kirsten Gillibrand, D-N.Y., and Sen. Orrin Hatch, R-Utah, is fundamental to mounting the global war against cybercrime.
Far too many nations have institutionalized the cybercrime epidemic via both direct and indirect support of it as an underground industry, and the lack of comprehensive U.S. international strategy and norms to address this issue has only served to perpetuate the lawlessness of cyberspace.
The current environment is akin to the dark ages and the rule of law must be championed via the use of both subtle and very aggressive methods. Specifically, the elements of this bill which create incentives to help elevate foreign assistance programs that focus on securing the international telecommunications and financial sectors are seminal in relation to today’s existing policies.
In combination with the Rockefeller-Snowe Cybersecurity Act – which elevates cybersecurity to the cabinet level, further links national IT security policy with that of our critical infrastructure providers, and creates the necessary resources and capacity for a federal cybersecurity workforce – is another historic body of work.
On the highest levels of our government, more weight than ever before is being given to the idea that cybersecurity is a critically pervasive issue, and that we cannot create a monolithic, isolated “Fortress America” in cyberspace to address it.
We finally have legislation in the pipeline that recognizes and seeks to counteract the systemic risk that exists within this aquatic electronic ecosystem, and supports the reality that cybercrime must be managed via proactive foreign policy. The Cybercrime Reporting and Cooperation Act should be viewed as foundational to that end.
Moving Forward, Globally
Among the specific areas of the Bill that are most important are the pieces that mandate an annual report to the President on cybersecurity, create a new cybersecurity post at the State Department, and mandate U.S. representatives for cybersecurity around the globe to help inform the aforementioned foreign assistance programs.
There’s also the call for a Presidential action plan regarding the assessment and classification of countries of concern in relation to cybercrime, through which the Commander In Chief will directly participate in the demarcation of nations who the U.S. needs to focus its attention and resources on. These classifications will be fed by informed assessments of which countries are truly failing to make the grade in thwarting cybercrime activities occurring within their borders, and their telecommunications infrastructure.
Building on this proposed legislation, further initiatives should be launched in cooperation with the G-20 nations to create a Cyber Action Task Force – along the lines of the Financial Action Task Force – to promote the development of sustainable law enforcement policies and to combat attacks against the security and resiliency of our national information systems.
Recent arrests of cybercriminals in the Eastern EU provide provides us with an additional sign of global progress in this arena, as the Russian government has clearly recognized that by failing to pursue native cybercriminals doing business abroad, it has subsequently damaged its own stability both internally and in the international setting.
All global regimes need to recognize that cybercrime is a phenomenon undermines their standing via empowerment of non-state actors; that it can and does empower rebels, terrorists and criminals, and allow them to undermine governments and their power if not addressed. Some of the provisions of the International Cybercrime Reporting and Cooperation Act that I’ve already named could finally create a framework for this awareness to be positively influenced by U.S. policies.
This Bill stands as a starting point on which to develop a national deterrence strategy for the U.S. and invigorate multilateralism in regards to fighting cybrercrime and building global cybersecurity capacity. The Rockefeller-Snowe Cybersecurity Act puts a flag in the ground for creating an international cybersecurity framework and the International Cybercrime Reporting and Cooperation Act continues that push.
These proposals represent a series of actions that, if passed, could be related in historic scope to Ben Franklin’s decision to send the Marines to Tripoli to defend our national interests against the Barbary Pirates in the first proactive military strike by the U.S. government to engender justice across a previously wide open international landscape.
Just as we reinforced the law of the seas then, so must we lead the world today in securing cyberspace… and there are a whole lot of pirates out there today.
Many countries with institutionalized hacking and shadow economies have either supported it or turned a blind eye because the cyber-culture has traditionally endorsed a Robin Hood like mentality where it was on some level defensible to try to steal from those with something to lose.
These proposed pieces of legislation are precisely what we need to create incentives via international development to finally affect change in this crucial arena.
-Tom Kellermann, Vice President of Security Awareness