U.S. Businesses Vulnerable to Espionage Without Cybersecurity Legislation

Another senior Obama administration official has offered an endorsement of major cybersecurity legislation pending in the Senate, with Commerce Secretary John Bryson adding his name to the backers of the measure in the executive branch.

Writing in an Op-Ed in Politico, Bryson offered a new twist on the debate with a warning that businesses will remain vulnerable to corporate espionage carried out by foreign parties in the absence of comprehensive legislative reform.

“Over the past five years, a highly sophisticated team of operatives have stealthily infiltrated more than 70 U.S. corporations and organizations to steal priceless company secrets. They did it without ever setting foot in any victim’s office. Sitting at undisclosed computers, they could be anywhere in the world,” Bryson wrote. “This is the new face of corporate espionage.”

With his endorsement of the Cybersecurity Act, cosponsored by Sens. Joe Lieberman (I-Conn.), Susan Collins (R-Maine), John Rockefeller (D-W.V.) and Dianne Feinstein (D-Calif.), Bryson joins Homeland Security Secretary Janet Napolitano in backing the measure.

Under the bill, the Department of Homeland Security would be vested with new powers to oversee private-sector digital systems that are deemed critical infrastructure, a new measure of regulatory authority that does not sit well with the bill’s critics.

Indeed, several Republicans, led by Arizona Sen. John McCain, have spoken out against the bill and introduced their own measure, a far more limited cybersecurity bill that would focus on facilitating the sharing of information about cyber threats among public and private entities.

The comprehensive bill, which could come up for a debate before the full Senate within the coming weeks, would also address the information sharing issue, but go well farther with the establishment of new oversight authorities for DHS, though the bill’s backers are quick to point out that those regulatory powers have significant limitations.

While Napolitano offered a security-oriented defense of the bill in a hearing earlier this year, Commerce Secretary Bryson couched his support in economic terms.

“[T]here is another reason to care about Internet security that is less known: protecting U.S. competitiveness and jobs in the global economy,” Bryson said.

That stark warning recalls a strain of argument in the recent debate over controversial legislation designed to help protect intellectual property, proposals that were vocally backed by the film and music industries, but also saw a degree of support from business groups worried about the exfiltration of sensitive corporate information. Backers of the cybersecurity legislation are quick to point out that the cybersecurity bill would include substantial safeguards against online censorship, an issue that became a flashpoint in the IP debate, but that limited government oversight and improved coordination on threats are vital to the protection of U.S. business interests.

Too often, Bryson argued, the full effect of a breach is unreported or unknown, a condition the Cybersecurity Act aims to remedy.

“Though this new corporate espionage is rampant and rising, calculating the damage to U.S. interests remains difficult. Not all data theft victims are aware of — or willing to report — these incidents. Even when a cyber intrusion is detected, investigators usually cannot determine what information has been stolen or how the ultimate recipients will use it,” he said.

“Unfortunately, companies experience such losses every day, which can lead to layoffs and less hiring,” he added. “Quite simply — cyber espionage means fewer American jobs. Yet many cyber intrusions could be prevented by implementing sound cybersecurity practices.”

Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com.