Rep. Mike Rogers, Chairman of the House Intelligence Committee, announced via Twitter Wednesday night (6/5) that “[Thursday] @ 12:30 @RepTimRyan @SenRonJohnson and I will introduce new legislation to hold nation-state cyber hackers accountable.” The new bill, known as the The Cyber Economic Espionage Accountability Act (H.R. 2281) calls for deporting foreign nationals suspected of being cyberspies for other countries. In a press release Rep. Rogers said “[T]his is a vital step to let China know that there are real consequences to stealing American intellectual property and robbing U.S. ingenuity and innovation in order to gain competitive advantage.”
The introduction of the bill came just one day before President Obama meets with Chinese President Xi Jinping in Southern California, presumably in an attempt to get away from the constant spotlight that would have shining on them (particularly now that cyber has become a prominent issue). The focus on China stems from the long held U.S. belief that the People’s Liberation Army launches many of the cyberattacks experienced by the U.S. The release of the APT1 report by Mandiant furthered this belief, though China continues to deny its involvement.
One further thing that the APT1 report did make clear: attribution for cyberattacks takes a considerable amount of work. The current architecture of the Internet does not allow for such attribution to be done easily, meaning that Rep. Rogers bill could wind up being of only limited use since it will continue to be difficult to identify the hackers. Once attribution is made easier, however, it will further strengthen the utility of Rep. Rogers bill and other legislative activities (such as CISPA and related issues, including active cyber response).