Twice in as many years, the notorious Cyber Intelligence Sharing and Protection Act (CISPA) has passed the House and died in the Senate. But the Senate’s own attempts at a cybersecurity bill never got off the ground in 2012, and it was only a matter of time before they started proposing replacements.
Enter the Deter Cyber Theft Act.
It’s not CISPA. But it’s sure being pushed like CISPA.
On its surface, the bill is simple. It’s designed to make the Director of National Intelligence, who serves under the president, create a comprehensive annual report on what sophisticated foreign groups hack U.S. companies and what trade secrets they come away with. Companies that make this new list of cyber thieves could have their products blocked from entering the U.S.
The Deter Cyber Theft Act is particularly keen on “foreign economic and industrial espionage,” which should come as no surprise to anyone following Congress’s seemingly endless debate on how the nation should address cybersecurity. In recent months, more and more reports have claimed that a few countries—and China’s always the big one—regularly hack U.S. targets to steal industrial trade secrets. In Washington’s mentality, this means that hacking for corporate info and using computers to attack the U.S. economy are one and the same.
In his official announcement of the bill, sponsor Sen. Carl Levin (D-Mich.) leaned on NSA and U.S. Cyber Command head Keith Alexander, one of CISPA’s major supporters.
“The Deter Cyber Theft Act, S. 884, would combat what […] Gen. Keith Alexander recently called ‘the greatest transfer of wealth in history,’” Levins’s official press release said.
CISPA, which would have made it much easier for companies to share data with the government, was resoundingly criticized by privacy groups and popular sentiment on the Internet. It would have made that process so legally streamlined, they argued, that any individuals’ personal information could end up in the federal government’s hands.
When CISPA was first pitched, in 2011, the rhetoric around it was similar to the Deter Cyber Theft Act’s current language. “China’s economic espionage has reached an intolerable level,” its sponsor, Mike Rogers (R-Mich.) said at the time. “Beijing is waging a massive trade war on us all.”
But somewhere along the way, stopping economic attacks took a backseat to protecting the nation’s infrastructure, and CISPA became necessary to stop a potential “cyber 9/11,” in the words of Homeland Security Secretary Janet Napolitano.
However, in February, security consulting firm Mandiant released a blockbuster report that meticulously described most U.S. hacks as coming from a Chinese army base. The push for CISPA became more about stopping state-sponsored attacks on trade secrets again.
“Every single day they literally have thousands of cyberwarriors or cyberspies looking to steal your intellectual property,” Rogers said at the time.
The Senate’s previous take on the issue, the now-retired Joe Lieberman (I-Conn.)’s Cybersecurity Act of 2012 (CSA), failed a vote twice last year. But the Defer Cyber Theft Act has a head start, if only because of who’s already behind it. In addition to Levin, the bill is sponsored by major CSA supporter Jay Rockefeller (D-W.Va.), and John McCain (R-Ariz.), who had strongly opposed the CSA and had his own cyber bill that never got off the ground.
Rockefeller hinted that Deter Cyber Theft Act was but one of many cybersecurity bills to come.
“Our economic prosperity and national security depend on bolstering our cybersecurity,” he said, “and this bill is a crucial component of that effort,”
Read the entire text of the bill below:
Illustration by Jason Reed