09:29 PM

Legislators Propose International Cybercrime Cooperation Laws -- With Teeth

Hatch, Gillibrand say foreign countries need 'carrots and sticks' to learn proper cyber behavior

Two U.S. senators today proposed new legislation that would require the U.S. government to monitor the cybercrime posture of other countries and deliver assistance -- or sanctions -- to those countries based on the findings.

Senators Kirsten Gillibrand (D-NY) and Orrin Hatch (R-UT) today introduced the International Cybercrime Reporting and Cooperation Act -- a new bill designed to discourage foreign cybercrime and encourage international cooperation among cybercrime law enforcement agencies.

"If we're going to protect our networks, our infrastructure, our economy and our families, we have to go after cyber criminals wherever they may be -- and it must be an international effort," Sen. Gillibrand said.

"Our new legislation will require the president to provide a global assessment, identify threats from abroad, work with other countries to crack down on their own cyber criminals, and urge the President to cut off U.S. assistance and resources for countries that refuse to take responsibility for cybersecurity," Gillibrand explained. "Our legislation will make America safer by getting tough on cybercrime globally, and coordinating with our partners in the international community."

Cisco, HP, Microsoft, Symantec, PayPal, eBay, McAfee, American Express, Mastercard, Visa, and Facebook all stated publicly that they support the legislation.

The bill would require the President to annually report to Congress on the state of countries' use of IT in critical infrastructure, the extent of cybercrime based in each country, the adequacy of each country's cyber law enforcement systems, and countries' protection of consumers and commerce online. The President would also report on multilateral efforts to prevent and investigate cybercrime.

The bill would require that programs designed to combat cybercrime be prioritized to countries with low IT penetration, in order to prevent such countries from becoming future cybercrime havens. Also, initiatives that aid in the development of critical infrastructure would be encouraged to include programs designed to combat cybercrime, "to ensure that such assistance is not inadvertently being used to build future crime havens," the senators said.

The bill would also require the President to identify countries of cyber concern, where there is significant, credible evidence of a pattern of cybercrime against the U.S. government or private entities. Countries that do not sufficiently address cybercrime would be identified through "investigations, prosecutions, bilateral or international cooperation, or appropriate legislation or similar measures."

For each country of cyber concern, the President would establish an action plan with benchmarks designed to assist the government of each country to improve its capacity to combat cybercrime. Countries of cyber concern that do not reach their benchmarks would face restrictions in financing, trade, or other assistance from the U.S.

The bill would also require the Secretary of State to designate a senior official at the State Department to coordinate and focus on activities, policies and opportunities to combat cybercrime internationally.

"Until countries begin to take the necessary steps to fight criminals within their borders, cybercrime havens will continue to flourish," Sen. Hatch said. "We don't have the luxury to sit back and do nothing."

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...
