OFFICIALS LEGISLATION INTEREST GROUPS PUBLIC STATEMENTS COMMITTEES VETOES

Hearing of the Financial Services and General Government Subcommittee of the House Appropriations Committee - Questions of Rep. Graves, Hearing on Cyberattacks, Sanctions Against Hackers

Hearing

Date: March 4, 2020
Location: Washington, DC
Issues: National Security Technology and Communication

In today's House Appropriations Financial Services and General Government Subcommittee hearing with U.S. Treasury Secretary Steven Mnuchin, Rep. Tom Graves (R-GA) discussed a number of cyberattacks that have affected millions of U.S. companies, consumers and industries. Specifically, he mentioned the 2014 Sony Corporation hack by North Korea and the 2015 Office of Personnel Management hack by China. Rep. Graves asked what the government's role was in defending against cyberattacks, and whether or not sanctions imposed after a hack were helpful for companies affected by the attacks.

Rep. Graves: "Sony was hacked in 2014, soon thereafter it was determined that North Korea was behind that hack and sanctions were imposed on certain individuals and companies within North Korea. How does that process work? Is that something that is continuing today? How do you measure success, how does that prevent future attacks, and did that prevent future attacks?"

Secretary Mnuchin: "I do spend a significant component of my time looking at cybersecurity issues…we very much support a public-private cooperation and effort...cybersecurity is an ongoing issue. This is a risk that constantly needs to be monitored."

"We need to make sure that our infrastructure is protected and sanctions are just one of the many tools we would use."

Rep. Graves: "It was recently identified that China was responsible for, and people were indicted for, recent hacks here as well. I don't think that sanctions were imposed in that case. Where do you draw that red line, of when sanctions should be imposed, or is it not really an effective response when a foreign-sponsored entity attacks one of our companies?"

Secretary Mnuchin: "As a broad statement, targeted sanctions are very effective. We do coordinate with DOJ, there are times we do things together, there are times where there are sanctions and not indictments, the standards are different."

Last year, Rep. Graves questioned FBI Director Wray about cyber defense, and how the private and public sectors can work together to mitigate threats.

Rep. Graves and Rep. Josh Gottheimer (D-NJ) teamed up last year to introduce the bipartisan Active Cyber Defense Certainty Act (ACDC), which makes changes to the Computer Fraud and Abuse Act (CFAA) to allow authorized individuals and companies the use of new tools and methods to help fight back against hackers. ACDC would allow the use of limited defensive measures that exceed the boundaries of one's network to identify and stop cyberattackers. Once a cybercriminal is identified, the victim can share that information with law enforcement or try to disrupt an ongoing attack.

To learn more about Rep. Graves' work on cybersecurity, please visit tomgraves.house.gov/cyber.


Source
arrow_upward