The United States of America and China Cybersecurity Treaty
...will it, and should it happen? And what does it mean for the cybersecurity industry? Startups and venture capitalists, listen up...
Recently, there's been an air of silence in the Obama administration about China's cyber attacks on the Office of Personnel Management (OPM). This cyber attack on the American government was an audacious, malicious and devious imprint on the American people. I argue, though, that rather than jumping into another foolish agreement with a foreign power that has zero respect for American sovereignty, we should consider stronger cybersecurity policy options. These policies will yield better results and stronger international security.
So, what should the American government do to better protect our people from Chinese cyber criminals? In my cybersecurity book, Cyber Nation, I argue the following for better cybersecurity policies in the USA...
Better American Cybersecurity Policies Include:
#1 Passing economic sanctions every time our country is attacked by a foreign government or state-sponsored hacker. Money talks. Our government should stand up for the people and implement economic sanctions that have triple weight on the nation that sponsored the cyber attack. For example, if an attack against a Fortune 500 company by Russia costs that company $100 million, create sanctions of at least $300 million, driven by executive order if necessary.
#2 Establishing a military tribunal to prosecute cyber criminals. There’s no question we’re at war – look no further than the latest attack on the most confidential information from millions of government workers. These cyber criminals wear no uniform, act without regard for our population, and continue to cripple our civil and economic infrastructure.
#3 Implementing a zero-tolerance policy. Countries like China control the internet throttle. If we discover IP addresses or internet attacks originating from China, we have to assume the government is responsible. Yes, there are Chinese hackers (independent of the government), but there are virtually no Chinese hackers at the level where they can attack and infiltrate an entire government's computer networks. Thus, if we warn the Chinese government of attacks originating from certain sources, give them time to cure the problem, and they do not respond or act upon it, then we must go on the offensive and penetrate their networks.
#4 Exposing the cybercriminals’ own private and personal data. Publish their family history, locations, and expose their criminal activity to the world. Let it be known that these egotistical, narcissistic attackers are malignant tumors who should be eradicated.
#5 Creating economic incentives for whistleblowers. If a corporation is attacked and the company or its board knowingly omits or does not disclose the cyber attack, whistleblowers should be able to profit.
#6 Giving tax breaks to companies that invest capital in cybersecurity. Whether it is a tax credit for a percentage of a company’s total cyber spend, or a larger deduction for hardware and software (or both) spent to fight cyber crimes, economic incentives would motivate companies to act proactively, rather than retroactively.