Published on August 14th, 2019 📆 | 4308 Views ⚑0
Coming together to protect Americans from foreign cyberattacks
One of the most basic duties of our federal government is to protect citizens against the threat of attack from hostile foreign powers. Each year, we spend hundreds of billions to insure that our military forces have the tools they need to keep us safe from foreign invasion or attack so that we can lead out our lives in peace and pursue our happiness.
But in the 21st Century, a new threat to our citizens has arisen from hostile powers abroad. Today, foreign governments are strategically targeting Americans through cyberattacks against email and other electronically stored information systems. These foreign governments do so in order to intimidate and silence perceived enemies, influence debates over policy, and ultimately to achieve political outcomes that benefit them rather than the United States.
Unfortunately, it is doubtful that we are currently equipped to deal adequately with these threats. Just recently, the New York Times reported that Chinese-sponsored hackers were behind the disruption of information systems administered by the city of Baltimore. They shut down email and disrupted real estate sales, water bills, health alerts, and many other city services. According to the report, these cybercriminals have been targeting other towns, cities, hospitals, airports, rail, ATMs, and university systems across the country. They have paralyzed operations, stolen personal information, and otherwise wreaked havoc.
This is just the latest in a series of state-sponsored cyberattacks targeting U.S. companies and U.S. citizens. Back in 2014, North Korean hackers broke into computer systems at Sony Pictures and threatened the release of confidential data unless the entertainment company canceled the release of an upcoming motion picture, The Interview, critical of the North Korean regime. Sony complied with the demands.
Since 2017, North Korea has engaged in “increasingly hostile cyber activities, including theft [and] website vandalism” according to the Congressional Research Service. Government-backed hackers have reportedly conducted cyber-espionage against tens of thousands of U.S. targets, accessing computer networks and intellectual property, and raking in hundreds of millions through cyber-crime.
The same group of Russian hackers responsible for interfering in the 2016 presidential election with a cyberattack on the Democratic National Committee have reportedly gone after hotel WiFi networks and American companies like FedEx and Merck.
Iranian hackers have used ransomware widely against U.S. citizens.
And late last year, National Security Advisor John Bolton verified that China had been behind the 2015 cyberattack on the Office of Personnel Management, the most extensive hack of U.S. government data in history, which entailed the theft of personal data for over 22 million people (most of them federal government employees), including Social Security numbers, fingerprints, passwords, and other personal information gathered in the process of granting security clearances.
This issue transcends party lines. Both Republicans and Democrats — as well as liberal and conservative think tanks — have been targeted for perceived opposition to the interests of governments sponsoring the cyberattacks. The common thread is a desire to intimidate opponents of a particular agenda favored by a foreign government, by means of blackmail, theft, extortion, and invasion of privacy. Cyberattacks have become the weapon of choice for bad foreign actors who want to invade the privacy of American citizens in their quest to infiltrate the American political system to further their own interests.
The fact is, foreign governments have been aggressively using cyberattacks on private data systems for years to influence politics and policy in the U.S. They have realized that they can effectively curtail the First Amendment rights of American citizens and compromise our election system through the use of espionage organizations to infiltrate, intimidate, and silence opposition to their governments’ stated policy aims. They are willing to invest a lot of resources to do it, and there is little risk of retribution because victims lack effective means to strike back. American courts have consistently ruled that foreign governments have immunity from legal action on the part of U.S. plaintiffs, including the seizure of assets, as a result of the Foreign Sovereignty Immunities Act, a law passed in 1976 before the advent of the Internet.
In short, our laws provide hostile powers with immunity for their nefarious behavior by allowing them to exploit a legal loophole.
Congress should enact a cyberattack exception to the FSIA to protect the privacy and property of Americans. A clear precedent for such action already exists: Since the 1990s, Congress has enacted several laws that limit sovereign immunity for states sponsors of terrorism, providing a cause of action to certain victims of terror attacks. As recently as the Justice Against Sponsors of Terrorism Act, which was passed over President Obama’s veto in 2016, Congress has engaged legislation that reduces FSIA’s jurisdictional immunity in the terrorism context. A cyberattack exception would extend the same protections to hacking victims as terrorism victims currently enjoy.
Until Congress acts, foreign governments such as Russia, North Korea, Iran, and China will have a free hand to intimidate and silence Americans. That’s why we have come together as Republicans and Democrats to found Americans for Transparency and Accountability, a new organization which seeks to protect our democratic system and promote a healthier, more transparent debate about policy issues. We will advocate for policies that would place greater constraints on foreign influence campaigns, beginning with an update to the Foreign Sovereign Immunities Act.
It is time for all of us to come together to take measures that will effectively protect Americans from cyberattacks sponsored or conducted by foreign governments.
Kirk Thompson is the president of Redshift Strategy and a board member of Americans for Transparency and Accountability.