An ongoing series of cyber-attacks on federal banks, government agencies and private companies has U.S. Sen. Saxby Chambliss pushing legislation that would bolster the nation’s defenses against computer hackers, both domestic and foreign.
The Georgia lawmaker said he plans to draft a bill that would allow the U.S. to share classified “cyber threat information” with companies who say they are losing billions of dollars annually to stolen patents and government contracts – chiefly those negotiated for the production of weapon systems.
In an interview this week with The Augusta Chronicle, Chambliss said that he spoke “at length” with President Obama about the legislation – expected to be ready by the end of the summer – during a recent golf outing the two had, in which Chambliss hit a hole-in-one.
While on the course, Chambliss said he stressed to Obama that cyber security was of “great importance” to him and that this legislation was a “top priority” before his retirement in 2014.
“We’re getting hacked hundreds of thousands of times a day in this country, both on the domestic and international level,” Chambliss said. “The private sector needs to have the same defensive measures that the government has in place to protect its files and records.”
Chambliss said he has “agreed in principle” on the details of the bill with its co-sponsor, Sen. Dianne Feinstein, D-Calif., and chairwoman of the Senate Select Committee on Intelligence, which Chambliss also serves as a ranking member. On Tuesday, Feinstein said in a statement that “we are currently drafting a bi-partisan information sharing bill and will proceed as soon as we come to an agreement.”
Talks of a new bill come after the Cyber Information Sharing and Protection Act, CISPA, passed the House of Representatives in April, but failed to make it to the Senate. As it was crafted, CISPA allowed the government to share classified “cyber threat information” but also enabled companies to pass on user information to the federal agencies – a provision that had many civil liberty groups up in arms.
Chambliss said personal information will be protected under this new bill, which will be modeled after the 35-year-old Foreign Intelligence Surveillance Act to cover drone strikes and offensive cyberoperations.
Chambliss said the U.S.’s main cyber threats are China, Russia and Iran, the country believed to be behind recent cyber-attacks on Wells Fargo, JP Morgan Chase, Bank of America, PNC and American Express.
In support of his bill, Chambliss cited a 2013 report published by the Mandiant Corp. which stated the People’s Liberation Army of China systematically stole hundreds of computer files of intellectual property from at least 141 organizations spanning 20 major industries.
The Washington, D.C.-based information security company tracked the Chinese hacking job to four large networks in Shanghai and due to the sheer amount of information stolen, described it as “one of the most prolific cyber espionage campaigns in the world.”
The firm’s report said the Chinese network maintained access to its victim databases for an average of 356 days, the longest breach lasting 1,764 days, or four years and 10 months. Among the data stolen were technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and e-mails and contact lists from organization leadership.
The pentagon confirmed the report as valid.
“The Chinese haven’t denied the report’s findings,” Chambliss said. “It’s pretty obvious its credible information.”