House Intelligence Chairman: U.S. Will “Lose” Unless It Follows Up On Chinese IP Hackers

The Justice Department’s indictment this week of five hackers from the Chinese military is “an important shot across the bow” in thwarting that country’s “ferocious” pace of IP theft, House Intelligence Committee Chairman Mike Rogers (R-Mich.) said at the Business Insurance Cyber Risk Summit May 22, but “if it’s just this, we lose.” A series of steps to follow up includes reauthorizing the country’s intelligence agencies, and moving on a Senate bill that would allow the federal government and private industry to better share cyber threat information. “We think we can get a classified relationship in a classified setting to share malware in real time, so that by the time it hits your business it has some sanitization in it,” Rogers told Summit attendees, adding, “It is shocking it’s taken all of us this long to finally, maybe, wake up to the real threat to future economic prosperity in the U.S.”

Making cybersecurity discussions a mandatory first step in trade negotiations would also help move the issue to the fore, Rogers said. “This notion that we’ll have these discussions at a diplomatic level no longer works,” he said. “No trade negotiations, no bilateral relationship that doesn’t talk about cyber theft as part of solving this problem… We have to continue to put this pressure on.”

Insurance Firms Can Provide Crucial Cybersecurity Carrot For Firms

According to Rogers,  relying on slow-moving government actions is one sure way to fall behind the issue. “You don’t want the government to regulate what companies do on this front because it’ll be out of date the day it’s signed into law,” he said. Rather, insurance companies should lead the charge, mandating that companies provide detailed cyber threat plans before offering coverage. “Where are the carrots to get companies to do this? I think the best one we have is to go to cyber insurance and have them say, show me your cyber security plan before I give you any coverage,” Rogers said.

If pressure from insurance companies doesn’t get the attention of the C-Suite, then public pressure and firings might. “You saw what the private market did to Target,” Rogers said, referring to the ouster of CEO Gregg Steinhafel just months after that company experienced a massive data breach. “If I’m the CIO, I think, uh oh. The CEO — he lasted what, three months? Those are the right signals to send to the board to punish these guys, because I’m sure they said they had the best system in the world.”