Crack­down on cy­ber­crime

Los Angeles Times - - SUNDAY OPINION -

To de­fend Amer­i­cans against cy­ber­crime, the Obama ad­min­is­tra­tion has tried su­ing in­di­vid­ual hack­ers and “nam­ing and sham­ing” the coun­tries that al­legedly spon­sored them. Last week the ad­min­is­tra­tion added a new, more pow­er­ful weapon to its ar­se­nal: fi­nan­cial and trade sanc­tions against ev­ery­one in­volved.

Cy­ber­se­cu­rity is a top na­tional pri­or­ity be­cause of the in­ces­sant at­tacks on com­puter net­works and stored data by hack­ers around the world, many un­der the aus­pices of for­eign gov­ern­ments. Ac­cord­ing to a re­cent es­ti­mate, the toll from cy­ber­crimes in 2013 was more than $100 bil­lion in the U.S. and roughly half a tril­lion dol­lars glob­ally. Much of the work in Wash­ing­ton has fo­cused on im­prov­ing the de­fenses of banks, en­ergy com­pa­nies and other po­ten­tial tar­gets. On Wed­nes­day, though, Pres­i­dent Obama sought to punch back harder against the hack­ers them­selves.

Obama’s ex­ec­u­tive or­der aims at only the most dam­ag­ing at­tacks or at­tempted at­tacks by for­eign hack­ers: those that have caused or are likely to pose “a sig­nif­i­cant threat to the na­tional se­cu­rity, for­eign pol­icy, or eco­nomic health or fi­nan­cial sta­bil­ity of the United States.” They would also have to harm cru­cial in­fra­struc­ture; steal iden­ti­ties, as­sets or valu­able in­for­ma­tion; or dis­rupt sites or net­works. The Trea­sury Depart­ment would be em­pow­ered to freeze the as­sets of and pro­hibit trans­ac­tions with not just the in­di­vid­u­als re­spon­si­ble for the at­tacks, but also their spon­sors, clients and any­one who as­sists them.

Se­cu­rity ex­perts wel­comed the or­der, say­ing the sanc­tions could help de­ter the hack­ers-for-hire who steal industrial se­crets and crash web­sites. One chal­lenge is iden­ti­fy­ing the peo­ple be­hind an attack, although im­prov­ing tech­nol­ogy is mak­ing that less daunt­ing. Once the cul­prits are named, the Trea­sury Depart­ment has to of­fer enough ev­i­dence to show that it isn’t abus­ing its new power. If top-se­cret sur­veil­lance pro­grams are an es­sen­tial part of track­ing the source of an attack, the ad­min­is­tra­tion may find it­self in the awk­ward po­si­tion of hav­ing to choose be­tween re­veal­ing clas­si­fied pro­grams and not seek­ing sanc­tions.

Con­sid­er­ing that the ad­min­is­tra­tion acts as pros­e­cu­tor, judge and jury when de­cid­ing to im­pose sanc­tions, it would be bet­ter to have Congress set rules that pro­tect all the in­ter­ests in­volved. But law­mak­ers have been stymied for years on cy­ber­se­cu­rity by a split among cor­po­rate lob­by­ists, con­sumer ad­vo­cates and the ad­min­is­tra­tion over pri­vacy and li­a­bil­ity con­cerns. Congress needs to re­solve those dif­fer­ences and move ahead on leg­is­la­tion to im­prove the coun­try’s cy­berde­fenses, rather than hav­ing Obama try to solve the prob­lem one ex­ec­u­tive or­der at a time.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.