The discussion took place at a hearing of the Subcommittee on Europe,Eurasia and Emerging Threats,part of the House Foreign Affairs Committee. Most of the discussion centered around China,a hub of government-sanctioned cyber theft,according to a recent report released by the information security company Mandiant.
Christopher Painter,the U.S. coordinator for cyber issues,discussed the difficulty in prosecuting people whose cyber crimes cross international borders.
“You may remember,years ago,there was the ‘ILOVEYOU’ virus,” Painter said,referring to a computer worm that spread throughout the world in early 2000. “They thought they found the perpetrator,and the country where they found him didn’t have any law that criminalized that issue.”
Rep. Dana Rohrabacher,R-Calif.,the subcommittee chair,asked Painter about the history of cyber-crime prosecutions around the world. There have been prosecutions in the U.S.,Painter said,as well as prosecutions in close allies of the U.S.,such as England,Germany and France.
“And what happened to some of them?” Rohrabacher asked.
“It depends on the legal system,” Painter said. The U.S. and allies have penalties based on the financial harm of cyber crime.
But,Rohrabacher asked,what should the U.S. do if officials determine a cyber attack is “blessed” by a government?
“What sanctions do you put on any country?” Rohrabacher asked. “For example,it’s clear that China is deeply involved in this. Everybody knows it,supposedly. What have we done to say,’OK,here’s your deadline,and this is exactly what’s going to happen?'”
Painter quoted National Security Adviser Tom Donilon in response,pointing out three aims of cracking down on cyber security diplomatically.
“One: We want China to understand the scope and seriousness of this problem,” Painter said. “Two: We want to make sure that they stop,that they actually take some action to investigate and stop this activity,and three: that we need the sustained dialogue from China.”
“I just asked you a specific question for a specific action,and all I got was a list of words,” Rohrabacher said. “I’m sure that words coming out of the mouth of officials of the United States is terribly frightening to the Chinese.”
Other committee members echoed Rohrabacher’s statements.
“Do you think this has been working to any extent at all?” Rep. Tom Marino,R-Pa.,said.
Painter replied that the U.S. has raised the pressure about how serious the issue of cyber security is. Cyber security is being treated less as a technical issue,Painter said,and more as an economic and foreign policy issue.
Marino interrupted Painter to offer his own tongue-in-cheek solution.
“Maybe since we owe China so much money for our debt,why don’t we deduct what they’re stealing from us and take it away from our debt?” Marino said.
Reach reporter Matt Nelson at [email protected] or 202-408-2735. SHFWire stories are free to any news organization that gives the reporter a byline and credits the SHFWire.