Americans are painfully aware that the worldwide coronavirus pandemic has demanded an unprecedented policy response from the federal government. From trillions spent to keep closed businesses and unemployed Americans afloat to the extraordinary mobilization of public and private resources that went into the successful Operation Warp Speed program to develop a COVID-19 vaccine, the level of federal intervention has been high and proportionate to a once-in-a-lifetime public health emergency. Given the massive economic, social, and medical costs of combating a virus that has taken over 200,000 American lives, most policymakers have understood the necessity of swift and dramatic action.
What may not be apparent is how addressing the growing threat of foreign-sponsored hacking is an equally urgent priority, and is part and parcel of our nation’s response to the COVID epidemic. Thus far, Washington has failed to confront this aspect of the Coronavirus crisis, but recent events have made tackling the foreign cyber-threat an urgent priority.
Just last week, the Washington Post reported that foreign hackers have been actively attempting to penetrate the cyber codes protecting our new coronavirus vaccines during storage and transport in order to steal information, including details about technology and contracts.
According to the report, possible goals of the foreign government-backed hackers could include creating widespread confusion and distrust, disrupting vaccine supply chains, and getting insight into the “purchase and movement of the vaccine” that could help them illegally obtain it on the black market.
At this point, it’s unclear whether any of the hacking attempts succeeded, but the U.S. Cybersecurity and Infrastructure Security Agency has alerted organizations involved with storage and distribution of the vaccine to be on high alert.
This isn’t the first red flag that should have alerted Washington to the necessity of countering the foreign cyber threat when it comes to our COVID response. In March, “hostile foreign actors” attacked the computer system of the U.S. Department of Health and Human Services. In early April, we began receiving information that foreign-sponsored hacking of U.S. hospitals had “significantly increased,” and that the bad foreign actors involved were seeking to disrupt our health care system.
The FBI and DHS issued urgent alerts over the summer warning of the ongoing efforts of foreign-backed hackers and spies to steal research related to vaccines and treatments. Foreign-state and state-sponsored actors from Iran, Russia, North Korea, and (most importantly) China have seized on the pandemic to victimize the U.S. government, state governments, private entities (including vaccine companies), and countless individuals, inflicting untold damage to our national security, our efforts to combat the virus, and the well-being of millions of Americans.
Nothing effective has been done to deter these attacks on our national security, and our intelligence agencies and policy experts tracking the issue are gravely concerned.
Fortunately Congress already has the means to address this crisis in the form of H.R. 4189, the bipartisan HACT Act introduced by myself and Rep. Andy Kim (D-N.J.), which the House passed by an overwhelming 336-71 vote in July. The bill would give American victims, for the first time, legal recourse in cases of malicious hacking conducted by foreign governments or their agents. It would do so by carving out a cyberattack exception to the Foreign Sovereign Immunities Act (FSIA), which currently shields foreign state actors from lawsuits filed in U.S. courts, protecting them from any form of accountability in cases of state-sponsored hacking.
The HACT Act is the only viable piece of legislation on the table to address this grave national security threat. It is the only vehicle available to give Americans some recourse against rampant foreign-sponsored hacking; and unless we take advantage of this opportunity, we will continue to leave our citizens, our businesses, and our health care system vulnerable to foreign cyber threats for the foreseeable future.
Malicious foreign actors currently are devoting all of their energies toward conducting an all-out cyber war against the United States; and if Congress doesn’t act now, they will continue to operate with impunity.
Without accountability, foreign states and their agents have no deterrent as they continue to prey on government agencies, businesses, and individuals, seriously undermining our fight against the virus. Providing basic protection for U.S. citizens from cyberattacks orchestrated by foreign governments is a vital national security matter. Anything less amounts to an abdication of the fundamental responsibility of our government to protect its citizens.
Congress can immediately address this crisis by incorporating the HACT Act as an amendment to the new COVID relief bill headed for passage before the end of this lame duck session, and before more damage is done to our national security.
The prospect of the seizure of foreign assets held in the United States is a strong and practical disincentive to future cyberattack sponsors aiming to harm our citizens and our institutions. The Trump Administration supports immediate congressional action to address the growing cyber threat (White House Chief of Staff Mark Meadows was one of the original cosponsors of H.R. 4189).
Enacting a massive bipartisan effort (perhaps the only important bipartisan amendment in play right now) to address the imminent threat of foreign hackers continuing to take advantage of our public health crisis is essential. The HACT Act is a critical national security measure needed to protect the U.S. government, our health care system, and our citizens from the ongoing cyber threat—crucially important in this time of national trial.