Our conflict with Iran over the past week has exposed the increasing dangers for the public in a new age of asymmetric warfare.
The Iranian regime inflicted no casualties with its missile launch, but it has a long history of using unconventional means to attack us. They’ve fought proxy wars in Iraq, kidnapped our citizens, bombed our military barracks in Lebanon, funded terrorist proxies such as Hamas and Hezbollah in Gaza and Lebanon, and hacked our citizens.
As Iran lashes out, we must be prepared for anything. At the top of our government’s list of concerns are cyberattacks.
The Iranians reportedly attempted 10,000 cyberattacks on government agencies in Texas at the beginning of the month. They have targeted U.S. banks, U.S. dams, and even the NASDAQ stock exchange.
In February 2014, Iranian attackers went after prominent Republican donor Sheldon Adelson by inserting malware into the computer networks of his Las Vegas casino. It destroyed three-quarters of the company’s Las Vegas servers, costing tens of millions of dollars.
Unfortunately, our government has fallen short when it comes to protecting citizens from cyberattacks such as this and providing victims a pathway to restitution and recovery. And this danger doesn’t just lie with Iran.
Many of America’s adversaries have used digital tools to harass, intimidate, and steal from U.S. citizens. North Korea hacked Sony. Russia hacked the DNC. China hacked the Office of Personnel Management.
In 2015, Russia targeted Liz Snell, the wife of a U.S. service member, hacking her nonprofit organization, Military Spouses of Strength, targeting four other military spouses. Another military spouse, Lori Volkman, had to nearly go into hiding to avoid the ire of Russian hackers after the death of her husband overseas, a U.S. Marine.
And those are just the stories we’ve heard about.
Today, an untold number of Americans have suffered from foreign-sponsored cyberattacks. They have stolen data, hacked and leaked personal information, revealed trade secrets, and more.
This behavior cannot be allowed to stand. We must do a better job protecting our constituents and all of the public from foreign harassment and cyberattacks online. That’s why Americans for Transparency and Accountability strongly supports a bill that will hold foreign governments and their agents accountable for nefarious cyberactivities that harm U.S. citizens. This bill, H.R. 4189, the Homeland and Cyber Threat Act, or the HACT Act, creates a much-needed “Cyberattack Exception” to the Foreign Sovereign Immunities Act, or the FSIA.
To understand the bill, you need to understand the historical context. FSIA was signed into law in the late 1970s, when terms such as the internet, cyberattacks, and hacking had yet to enter the vernacular. It may seem crazy, but, once upon a time, nobody worried about compromising photos leaking in an iCloud hack or Social Security numbers being stolen in phishing scams or millions of emails being held hostage or leaked for nefarious purposes.
As it stands now, FSIA doesn’t go far enough to protect American citizens in the internet age. In fact, the law actually precludes civil suits in U.S. courts against foreign governments who attack U.S. citizens online.
When we are attacked, we must have a pathway to striking back and defending ourselves, whether on the battlefield or the cyber world.
The future of warfare is moving into your smartphone, your computers, and your tablets. At a time when our nation risks going to war with Iran, the basic protection for U.S. citizens from cyberattacks orchestrated by Iran and other adversaries is of the utmost importance. Anything less would amount to an abdication of the fundamental responsibility of our government to protect its citizens.
Kirk Thompson is the president of Redshift Strategy and a board member of Americans for Transparency and Accountability.
