Last year, cyber attacks on computer networks increased to a record level, doubling the number recorded in 2012. According to cybersecurity research firm FireEye, the rate of attacks on enterprises occurred every 1.5 seconds last year, up from once every three seconds the previous year. In the face of this onslaught, it is no surprise that government officials are taking steps to pass cybersecurity legislation. Unfortunately, if the recent announcements by Kentucky and Senator Mark Warner are a harbinger of things to come, it appears that inability of Congresses to enact comprehensive reforms will result in a patchwork of state and federal laws/regulations.
For its part, the Kentucky Senate passed a bill to improve security of personal data located on government computers. Known as House Bill 5, the legislation requires state agencies to better protect private information stored on government computers and also requires state and local government agencies to notify people within 35 days if their personal information is stolen or mishandled. House Bill 5 is a top priority of State Auditor Adam Edelen, who noted, “Every cybersecurity expert agrees that it’s not a matter of if agencies will be hacked. It is just a matter of when.” He further stated that, “From social security numbers, to tax returns, health records, to credit cards, governments possess more sensitive, private data than any other single entity.” These comments are likely a greater reflection on the past than a prediction of the future as a consequence of the 2012 incident when the Kentucky state finance cabinet accidentally posted Social Security numbers and sensitive information on its website.
House Bill 5 cleared the GOP-controlled Senate without opposition and received final approval from the Kentucky House on March 28. So far, the process has been described as bipartisan, and with 74 co-sponsors, a signature from the Governor appears to be a sure thing.
At the federal level, U.S. Senators Mark Warner (D-Va.) and Mark Kirk (R-Ill.) announced that they will introduce a bipartisan amendment creating a law enforcement partnership between the United States and Ukraine to combat cybercrime and improve cybersecurity. This amendment will be attached to an aid package intended to help bolster the Ukrainian government. At first blush, attaching an amendment to an aid package for Ukraine and limiting its focus to fostering cooperation between two countries may seem puzzling. But Ukraine is a known international haven for hackers, as evidenced by the data breach directed at millions of U.S. customers of Target and other leading American retailers. Both attacks were ultimately traced to cybercrime syndicates operating in Ukraine.
The Warner/Kirk amendment to the Ukraine aid bill proposes the following:
1) The initiation of formal U.S.-Ukraine bilateral talks on cybercrime to be followed by multilateral talks that include other law enforcement partners such as Europol and Interpol.
2) The establishment of a U.S. standing senior-level working group to conduct regular dialogue on cybercrime concerns and share best practices between law enforcement agencies in the U.S. and Ukraine.
3) The expansion of cyber law enforcement capabilities through a program with Ukraine that includes sending FBI agents to assist Ukrainian investigations and improve law enforcement cooperation.
4) Improved extradition procedures. There currently is no U.S.-Ukraine extradition treaty, which makes Ukraine a safe haven for operators of international cybercrime activities syndicates.
Sen. Warner stated in support of the amendment, “As the United States works to support this new Ukrainian government and as the Senate considers this significant Ukrainian aid package, we have an excellent opportunity to create new structures of cooperation that will better protect American consumers and businesses by working together to crack down on international cybercrime.”
“Our nation is one of the most frequently targeted countries for major cybercrimes and data breaches, accounting for nearly half of the $11 billion of losses on payment cards worldwide,” Sen. Kirk added. “Ukraine is a known hub for cybercrime, and the United States should work with the Ukrainian government to create a framework of cooperation to deter, prevent and counter these cyber criminals and ensure the safety of the newly formed Ukrainian government and financial system.
Whether the amendment remains part of the aid package and achieves positive results remains to be seen. But if it even slightly diminishes the ability of hackers to operate freely in Ukraine, it will be deemed a success.