Cybersecurity fears threaten relations

US cybersecurity fears are directed at China given its rapid development of sophisticated technology and the perception that it is capable of probing critical infrastructure and military computer systems and could potentially disrupt or destroy vital networks.

The FBI's top cybersleuth, in an interview upon his transitioning to the private sector, asserted that China is capable not only of stealing sensitive information, but of manipulating and destroying it. Another high-ranking Pentagon official warned that even a limited cyberattack on the nation's power grid or financial system could spark public panic.

Advances in technology now far outpace effective government oversight of this global phenomenon, which is why it has become a high priority. But as both the Obama Administration and Congress have come to appreciate, cyberattacks are cheap and easy to launch while defending against them is difficult and expensive.

There is no shortage of ideas on how best to address the problem. The House of Representatives is considering a number of proposals and last week passed the Cyber Intelligence Sharing and Protection Act, which had a bipartisan imprint but was eventually opposed by the Obama Administration and House Democrats who were worried about consumer privacy and the sharing of sensitive information between private companies and government intelligence agencies.

But there is more, much more, to come. Senator Joe Lieberman, who chairs the Senate Homeland Security Committee, has taken the lead on legislation that goes further by charging the government to be more proactive in safeguarding the nation's critical infrastructure. When first introduced, the Lieberman bill had bipartisan support, but now the Senate Republicans have introduced an alternative that would keep government involvement at a minimum.

Whatever the fate of the pending legislation, there is nothing in the various bills addressing the global supply chain problem. This could easily escalate tensions between the US and China if not addressed. FBI Director Robert S. Mueller III reflects the view of many in the security community when he predicts that cyberattacks will likely eclipse terrorism as the top menace to the country.

Such statements usually imply that China is the biggest threat. But the real problem is the absence of a government policy or process for dealing with the importation of sensitive technology that could threaten America's national security. It has not always been this way.

During the 1970s, the US was superior and pre-emptive in all forms of technology, and the greatest threat was perceived to be the Soviet Union. Congress established an interagency process to review the export of all forms of critical technology with the authority to deny an export license if it was determined that the technology involved might enhance adversarial nations' military capability.

As chairman of the House Foreign Affairs Subcommittee on International Trade and Economic Policy, I was approached by then Secretary of Commerce Malcolm Baldrige, who felt the process was being dominated by security agencies that were imposing unnecessary restrictions on US technology exports. We worked together to advance reforms in the re-authorization of the Export Administration Act of 1979 that eventually allowed US companies to be more competitive internationally.

The only other relevant Federal law that directs government agencies to review and possibly reject transactions that involve foreign entities is the Committee on Foreign Investments in the United States, an interagency process that is designed to provide an objective, non-partisan mechanism to review foreign investments in America's critical infrastructure (the power grid, port facilities and critical technology). CFIUS being limited to evaluating foreign investments lacks sufficient authority and capability to evaluate the volumes of sophisticated technology entering the country daily.

Today's cybersecurity threats are more global and although there is a general recognition that the global supply chain opens a pathway for the insertion of vulnerabilities into our critical infrastructure networks, the US government has no formal mechanism, similar to the interagency review process involving technology exports, to address this larger problem.

The absence of an oversight process has led some US officials to intervene directly in commercial transactions, often by placing discrete phone calls warning US companies to avoid any transaction that involves a particular foreign supplier, which has effectively blocked a number of sales over alleged security concerns.

Singling out a particular country when most of the today's technology suppliers are foreign-based will not adequately address the concerns about cybersecurity in today's global supply chain.

Until Congress establishes a systematic and transparent means of providing effective oversight over the flow of critical technology into the country and treats all foreign suppliers equally, China will continue to be subject to discriminatory treatment.

The author is a former US congressman and expert on international trade and investment. He is an executive vice-president at APCO Worldwide, whose clients include Chinese firms.