Just two days after President Barack Obama signed a law with a provision targeting China’s alleged hacking, the chairman of the House Intelligence Committee indicated he is working on legislation that would formally penalize China and other countries supporting hackers who steal U.S. trade secrets.
Speaking to reporters after a cybersecurity briefing hosted by Covington & Burling LLP and the Chertoff Group, committee Chairman Mike Rogers (R-Mich.) said the legislation would likely be introduced later this year, but he would not elaborate on what kinds of retaliatory actions it would sanction. Obama on Tuesday signed into law the Consolidated and Further Continuing Appropriations Act, which includes a provision restricting U.S. government purchases of information technology made by companies linked to the Chinese government.
“There’s a whole series of things that we can do and put on the table to show that there is a consequence,” he said, “for stealing intellectual property and trying to repurpose it for purposes of competition overseas.”
“Somebody mentioned visas,” Rogers added, referring to a question from the audience about revoking the visas of foreign hackers and their associates. “That would be a good suggestion, and we’ll look at putting that in the bill.”
The bill will likely be introduced later this year, Rogers said, in a separate effort from the broad domestic bill he is currently co-sponsoring with Intelligence Committee Ranking Member Dutch Ruppersberger (D-Md.).
Rogers corrected a reporter who asked him about punishing China specifically.
“Not punitive on China — punitive on nation-states that steal intellectual property and re-purpose it for government companies to illegally compete in the market,” Rogers said, adding coyly, “If the shoe fits…”
Chinese hacking has surged in national consciousness after a spate of high-profile hackings in recent months. Those attacks prompted the security firm Mandiant to release a report last month that traced cyber intrusions into more than 100 U.S. companies to a unit of the Chinese military.
Rogers and Ruppersberger last month introduced the Cyber Intelligence Sharing and Intelligence Act, but Rogers said Thursday that “changes” to the bill will be announced a day or two before the markup, expected next month. Asked whether such changes included a provision requiring companies to strip personally identifying information from data they share with the government — a key stipulation of privacy and civil-liberties advocates — Rogers said he could not discuss it.
An earlier version of the bill passed the House last year but died in the Senate on privacy concerns; a Senate bill, which business groups criticized for its emphasis on regulation, ultimately failed as well.
Obama’a Feb. 12 executive order — which encourages information sharing between government and the private sector and directs agencies to come up with a framework of cybersecurity best practices for the protection of things like water and utility plants — might make it easier to get a bill through the Senate, Rogers said.
The order, he said, “took a lot of pressure off the Senate — they didn’t have to get out and have a bill that fixed every single problem in the Internet world when it comes to cybersecurity.”
Congress, he said, should come together to pass his bill in order to enable better information sharing before moving to other regulatory concerns.
“This isn’t going to be the end-all, cure-all — this is not the bill that solves every problem,” Rogers said. “But it sure take a big chunk out of the problem.”
Still, the House bill continues to raise privacy objections. The bill would grant legal immunity to businesses acting in good faith to share threat information, a provision business and security leaders say is important to ensure private-sector participation in the new framework. Opponents of the bill argue that it protects big businesses but exposes consumers, raising concerns that individuals’ personal information could fall into military hands and result in prosecution of crimes unrelated to the original cyber threat.
The White House last year opposed the bill, also on privacy grounds. Rogers said Thursday, though, hinted he and other House negotiators have made a small “breakthrough” in talks with the White House. He would not elaborate.