Good Chance of Passage for Bill to Address Cyber Attacks on U.S. Companies

The Deter Cyber Theft Act of 2014, S. 2384, updates legislation introduced last year. Sponsors say it will give U.S. officials "a powerful new tool in the fight against computer espionage," the ability to impose sanctions under the International Emergency Economic Powers Act, which allows for action to confront threats to U.S. national security or the economy.

In a floor statement last Thursday, Levin said the bill was introduced in response to "overwhelming and indisputable evidence of large scale cyber intrusions by the Government of China into the computer networks of private U.S. companies for the purpose of stealing valuable intellectual property and proprietary information." He said such illegal and damaging behavior demands strong and immediate action. 

"It is time to fight back to protect American businesses and American innovation," Levin said. He is chairman of the Senate Armed Services Committee. "Battling the wave of computer espionage targeting the American economy requires law enforcement actions such as this week's indictment, and it requires action by Congress to hit those who profit from these crimes where they'll feel it: in the wallet."

The bill would authorize the Treasury Department under IEEPA to freeze assets of individuals or companies that benefit from theft of U.S. technology or other commercial information.

It also requires the director of national intelligence to publish an annual report that identifies countries engaging in computer espionage targeting valuable information of U.S. companies; a priority watch list of the foreign countries that are the most egregious offenders; U.S. technologies and information targeted or stolen by foreign cyber espionage; goods and services produced using stolen information; and government actions to combat computer espionage.

It would combat what former National Security Agency head and U.S. Cyber Command commander Gen. Keith Alexander called "the greatest transfer of wealth in history"—the theft of valuable intellectual property from U.S. companies, the sponsors said.

"As this week's indictment of five Chinese army officials on cyber-theft charges shows, U.S. companies are increasingly the targets of foreign countries and companies that illegally access valuable data and then use it to compete against American companies and workers," the sponsors said in a statement.

Two other bills are pending, one in the House and another in the Senate. In the House, the House Homeland Security Committee unanimously Feb. 5 reported out H.R. 3696, the "National Cybersecurity and Critical Infrastructure Protection (NCCIP) Act of 2013."

It would address the cyber threat by "giving the Department of Homeland Security (DHS) the tools to secure our nation in cyberspace, while protecting privacy and civil liberties." However, a provision prohibiting any new regulations at DHS dealing with cyber security is being seen as a slap in the face for the Obama administration and is unlikely to win support in the Senate even if it hits the House floor. And Internet companies strongly oppose any legislation that could be seen as regulating them.

At the same time, the Senate Intelligence Committee continues to work on a bill that would encourage sharing of cybersecurity data between the government and companies. U.S. companies have been urging Congress to enact legislation that would provide clarity about how private companies should be required to disclose security breaches and cyber threats, and which limits the private sector's liability in sharing cyber data.

Senate Intelligence Committee Chairman Dianne Feinstein, D-Calif., and Sen. Saxby Chambliss, R-Ga., ranking minority member of the committee, said in late April they have circulated a draft to key stakeholders in hopes of building support for the bill.

The bill is also being reviewed by Obama administration officials, private sector executives and privacy advocates.