Baltimore Sun: Fight cyber crime through information sharing

It’s like a recurring bad dream.

March: Hackers allegedly stole the credit card numbers from more than 10 million Visa and MasterCard customers by breaking into the computer systems of the company's payment processor in New York. The thieves stockpiled the stolen credit card numbers for months before beginning to use them.

August: Cyber attackers disrupt production from Saudi ARAMCO, the world’s largest exporter of crude oil –  taking out 30,000 computers in the process – according to the press.

January: PNC announces to its 5 million customers that its website is getting hit with high traffic consistent of a cyber attack meant to delay business with its online banking customers.

These are just three reported examples of cyber attacks in the past 12 months. Each could have had a devastating impact on the U.S. and global economies and, what’s more, each could have been prevented by the federal government.

That’s more than a bad dream – that’s a nightmare.

But, unfortunately, it’s also reality. The U.S. government can often see the worms and viruses placed by hackers and other evil-doers in the computer networks that make up our modern world. But they often can’t share it with the intended victims – usually American companies – because current law doesn’t allow it.

That’s why, this week, I, along with House Intelligence Committee Chairman Mike Rogers (R-MI) am

reintroducing common sense legislation to give American companies access to certain classified information on impending cyber threats – before the attack occurs.  This bill also better enables companies to call in attacks—like a 911 for cyber—so the government can help them respond as well as prevent further spread.  Last April, the House passed the “Cyber Intelligence Sharing and Protection Act” by a wide bipartisan majority, but it stalled in the Senate. We can’t afford to let it stall again.

Highly-trained Chinese, Russian and Iranian hackers are probing and pilfering and plotting every second of every day. They’re often after personal data: In November, reports suggested a hacker was able to access nearly 4 million tax returns in South Carolina with a single malicious email. And they’re often after the trade secrets of our companies:  the media has reported that Coca-Cola may have fell victim to hackers from a Chinese beverage company.

Many believe that what is happening to American business may be the largest transfer of wealth in the history of the world. It’s costing our companies billions of dollars and it’s costing our country thousands of jobs.

Preventing the U.S. government from sharing information about malicious computer code it detects  is akin to preventing forecasters from warning citizens about a hurricane. 

Our legislation doesn’t just protect American companies.  It will also protect every American citizen who, for example, uses electricity, banks online, or whose doctor compiles medical records electronically. Countries, criminals and terrorists are targeting the companies that you entrust with your private information every day. 

It’s important to note that under my legislation, your private information will also be kept private from the government. Information-sharing between companies and the government will be entirely voluntary. Businesses do not have to share information with the government in order to receive information from the government. The bill does not authorize the government to monitor your computer or read your email, Tweets or Facebook posts.  Nor does it authorize the government to shut down websites or require companies to turn over personal information.

Ultimately, cyber security is national security. We all have a part to play.  The federal government must take its first step with simple, information-sharing legislation like the one I’m proposing. Business owners must prioritize network security. And all of us as citizens must use strong computer passwords – and not just the names of our pets –  and keep our anti-virus software up-to-date.

We’ve gotten wake-up call after wake-up call.  It is time to work together to prevent the cyber nightmare from becoming a permanent reality.  

The writer, Congressman Dutch Ruppersberger, represents the Second District of Maryland. He is also Ranking Member of the House Permanent Select Committee on Intelligence.