Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government //

Cybersecurity

12/13/2010
03:05 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

New York Senator, Congresswoman Call On U.S. To Launch Global Crackdown On Cybercriminals

“The cyberattacks we’ve seen in the last week show that America and the world is vulnerable to a full scale cyber war,” Senator Gillibrand said.

New York, NY – After a week in which WikiLeaks supporters launched cyber attacks targeting American companies MasterCard, Visa, and PayPal, Senator Gillibrand, a member of the Senate Foreign Relations Committee, and Representative Yvette D. Clarke, Chairwoman of the House Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology, called on President Obama to launch a global effort to crackdown on cyber criminals. Standing at Symantec's New York City office, lawmakers urged the President to adopt proposals to protect New York businesses and infrastructure by putting foreign countries who fail to enforce cyber security laws on notice and sanctioning those who do not cooperate.

During the past week, MasterCard, Visa, PayPal and other American companies that have cut ties to WikiLeaks, were sabotaged by a string of coordinated cyber attacks. The global cyber assault intended to flood the companies' websites with traffic, block all access and make them unavailable to customers around the world.

In addition to these attacks, State Department documents disclosed by WikiLeaks earlier this month demonstrate that government-sponsored cyberwarfare is a real and serious threat. Previously classified cables released by WikiLeaks confirmed suspicions that China’s persistent attacks on Google and other American businesses were supported by the Chinese government.

“The cyberattacks we’ve seen in the last week show that America and the world is vulnerable to a full scale cyber war,” Senator Gillibrand said. “America must be able to defend against these types of attacks and shut down cyber threats around the world. This must be a top priority for our national security and our economy. We must go after cyber criminals wherever they are – and it must be an international effort. Our plan would require the President to identify threats abroad, hold countries accountable to ensure they crack down on their own cyber criminals, and cut off U.S. aid and resources for countries that refuse to take responsibility. By getting tough on cybercrime globally and working with the international community, New York City businesses and families will be safer.”

“Unfortunately, we have seen just how destructive cyber attacks can be to our businesses and cyber space,” said Representative Clarke. “Hackers can, as of now, easily get into and shut down the cyber infrastructures that major corporations and organizations depend on. As chairwoman of the House Homeland Security subcommittee on Emerging Threats, Cybersecurity and Science and Technology, I believe that we must put aggressive measures in place to protect our cyber infrastructure from attack. We must bolster our cyber space by putting the proper tools in place to protect it from cyber criminals both in the public and private sector. Our national security depends on it.”

In a letter to President Barack Obama, Senator Gillibrand expressed disappointment that more has not been done to improve U.S. foreign policy mechanisms that would address cybercrime and cybersecurity. The Senator also urged the Obama Administration to enhance the State Department’s foreign policy mechanisms to address cybercrime and cybersecurity by formalizing an approach that designates key resources to meet the challenges we face.

Senator Gillibrand has teamed up with Senator Orrin Hatch (R-Utah) to author the International Cybercrime Reporting and Cooperation Act, a bipartisan bill to hold foreign countries accountable for cybercrime committed in their country. Sen. Gillibrand’s legislation has broad private sector support, from Microsoft, eBay, Paypal, HP, Cisco, Symantec, McAfee, Visa, Citi, AmEx, MasterCard, Business Software Alliance, BITS and Financial Services Roundtable.

“Identity theft, the leaking of classified or sensitive information, and cyber attacks overall will not abate anytime soon,” said Symantec Chief Technology Officer Mark Bregman. “Cybercrime activities pose a significant threat to national security, and events in recent weeks should stand as strong evidence that the time for cyber security legislation is ripe. We encourage Congress to follow the continued leadership that Sen. Gillibrand has exhibited on moving to reduce cyber crime issues and pass meaningful cyber security legislation such as the International Cybercrime Reporting and Cooperation Act. This much-needed legislation will help foster a more effective global response to cyber attacks by encouraging the development of global cybersecurity best practice guidelines. We look forward to working with Senator Gillibrand in the 112th Congress in support of her continued efforts to address malicious cyber crime activity and to continue making the Internet safer.”

The United States remains the highest target of cyber crimes, accounting for 23% of cyber assaults worldwide. Estimates show that New York City businesses lose more than $1.9 billion from malicious cyber activity each year. Cyber attacks such as the ones perpetrated in China, resulted in the loss of $67.2 billion nationwide in 2005, according to Government Accountability Office (GAO) estimates. According to studies by McAfee Inc, the global economy lost over $1 trillion in 2008 due to these activities.

Global criminal networks continue to grow in volume and sophistication in an attempt to steal, exploit, or destroy information. United States Secret Service estimates that as much as 70% of cybercrime originates from outside the United States. According to Symantec, there have been more viruses and other cyber intrusions in the past 15 months than in the past 18 years combined. Yet key countries, including China and Russia, have not signed onto international cyber crime agreements and have not taken adequate measures to reign in cyber criminals.

Further, in the second half of 2009, Microsoft was forced to clean 15.4 million computers nationwide due to malicious attacks. In the first quarter of this year alone, 11 million computers were infected.

A Symantec survey conducted in August 2010 revealed that more than half of companies in critical infrastructure areas, including banking and finance, information technology, and health care, suspected of being victims of cyber attacks and reported being attacked 10 times over the past five years.

In an effort to boost America’s cyber security, improve U.S. coordination with allies, and establish tough, new ways to crack down on cyber threats internationally, Senator Gillibrand introduced the International Cybercrime Reporting and Cooperation Act earlier this year. Representative Clarke is the lead sponsor of similar legislation in the House, with Representatives Timothy Bishop (D-NY), Peter King (R-NY), and Anthony Weiner (D-NY) as co-sponsors of the bill.

Issue Annual Presidential Report

The bill would require the President to annually report to Congress on the assessment of countries’ use of information and communications technologies (ICT) in critical infrastructure, the extent of cybercrime in each country, the effectiveness of each country’s legal and law enforcement systems to combat cybercrime, and countries’ online protection of consumers and commerce.

Deliver Foreign Assistance to Prevent Cybercrime Havens

To prevent countries from becoming future cybercrime havens, the bill would give countries with low ICT penetration priority when it comes to U.S. or multilateral assistance programs designed to combat cybercrime and improve critical sectors.

Identify Countries of Cyber Concern

Under the bill, the President would identify countries of cyber concern –countries which show patterns of cybercrime against the U.S. government, private entities or individuals and lack measures to sufficiently address cybercrime through laws, investigations or international cooperation – and work with each country of cyber concern, establishing an action plan with benchmarks to improve the government’s efforts against cybercrime. The President would provide an annual assessment of the country’s progress.

The President could waive the requirement to develop an action plan for any country if it is in the national interest, and report such waiver to Congress, in classified form if necessary.

Penalize Countries that Fail to Meet Benchmarks

Countries of cyber concern that do not reach their benchmarks may have one of the following benefits suspended, restricted or prohibited: new OPIC or ExIm financing, new multilateral financing, new TDA assistance, preferential trade programs, or new foreign assistance, as long as such do not limit projects to combat cybercrime.

Focus on Department of State International Cybercrime Policy

In order to improve the U.S. focus on addressing international cybercrime, the bill would require the Secretary of State to designate a senior official at the State Department to coordinate and focus on activities, policies and opportunities to combat cybercrime internationally, and in consultation with other Federal agencies and the relevant chiefs of mission, appoint employees at key embassies to focus on cybercrime policy.

Full letter to the President is below.

Dear President Obama,

The recent disclosures of diplomatic cables regarding the Chinese cybersecurity threat has prompted me to write to urge you to increase United States’ focus on addressing key international cyber challenges, including combating cybercrime, enhancing the security posture of U.S. cyber networks from international intrusions and guiding the international discourse. You clearly recognize the importance of the cyber domain, having conducted a government-wide review of cybersecurity and appointed a Cyber-Security Coordinator at the White House. But it is disappointing that more has not been done to improve U.S. foreign policy mechanisms that would address cybercrime and cybersecurity.

The recent disclosure of State Department cables have revealed more fully than before U.S. diplomats’ belief that cyber attacks on Google, and perhaps other U.S. interests, were part of a concerted Chinese government strategy. Given these assessments by our own experts, I expect a plan to prioritize international cyber policy. While U.S. officials have been producing some positive results in this area in the past year, I believe far greater focus and prioritization is needed to match the level of focus of other countries, engage internationally, and ensure that United States’ economic well being and national security are preserved.

As you know, I have a bi-partisan bill with broad private sector endorsement that seeks to bolster U.S. foreign policy mechanisms used to address cybercrime. I have discussed the bill extensively with your administration, and had hoped to find common ground for instituting these or other policy mechanisms. I am disappointed that progress on this legislation has not been made. I am doubly concerned that we still do not have a high level individual at the State Department to focus on international cybersecurity, as my legislation suggests.

I urge you to enhance the State Department’s foreign policy mechanisms to address cybercrime and cybersecurity by formalizing an approach that designates key resources to meet the challenges we face.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4682
PUBLISHED: 2021-01-28
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.
CVE-2020-4888
PUBLISHED: 2021-01-28
IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker co...
CVE-2020-13569
PUBLISHED: 2021-01-28
A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can...
CVE-2021-20620
PUBLISHED: 2021-01-28
Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
CVE-2021-20621
PUBLISHED: 2021-01-28
Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.