New Rogers Bill Calls for Deporting of Cyberspies

Published On June 7, 2013 | By Randy Sabett | General, Privacy
TwitterLinkedInFacebookRedditCopy LinkEmailPrint

cyberspiesRep. Mike Rogers, Chairman of the House Intelligence Committee, announced via Twitter Wednesday night (6/5) that “[Thursday] @ 12:30 @RepTimRyan @SenRonJohnson and I will introduce new legislation to hold nation-state cyber hackers accountable.”  The new bill, known as the The Cyber Economic Espionage Accountability Act (H.R. 2281) calls for deporting foreign nationals suspected of being cyberspies for other countries.  In a press release Rep. Rogers said “[T]his is a vital step to let China know that there are real consequences to stealing American intellectual property and robbing U.S. ingenuity and innovation in order to gain competitive advantage.”

The introduction of the bill came just one day before President Obama meets with Chinese President Xi Jinping in Southern California, presumably in an attempt to get away from the constant spotlight that would have shining on them (particularly now that cyber has become a prominent issue).  The focus on China stems from the long held U.S. belief that the People’s Liberation Army launches many of the cyberattacks experienced by the U.S.  The release of the APT1 report by Mandiant furthered this belief, though China continues to deny its involvement.

One further thing that the APT1 report did make clear: attribution for cyberattacks takes a considerable amount of work.  The current architecture of the Internet does not allow for such attribution to be done easily, meaning that Rep. Rogers bill could wind up being of only limited use since it will continue to be difficult to identify the hackers.  Once attribution is made easier, however, it will further strengthen the utility of Rep. Rogers bill and other legislative activities (such as CISPA and related issues, including active cyber response).

About The Author

Randy V. Sabett joined ZwillGen as Counsel in 2011. He advises clients on information security, privacy, IT licensing, and intellectual property. Randy has over 20 years of infosec experience, including as an NSA crypto engineer and a CISSP. He works closely with companies in helping them develop strategies to protect and exploit their information and IP based on various evolving business models, including SaaS, mobile applications, cloud, and more traditional client/server architectures. Specific areas on which he focuses include information security, privacy, IT licensing, IP strategy, big data, metrics, active defense, venture capital, legislative matters, government contracting, digital and electronic signatures, federated identity, state and federal information security and privacy laws, identity theft, and data breaches. He also drafts and negotiates a variety of technology transaction agreements.