Sen. Carper Statement on Alleged International Scheme to Use Computer Viruses to Steal Millions of Dollars from U.S. Banks

WASHINGTON – Sen. Tom Carper (D-Del.), a senior member of the Senate Homeland Security and Government Affairs Committee, released the following statement on today’s announcement by the Federal Bureau of Investigation that U.S. law enforcement officials have arrested more than 60 people in connection to an alleged international scheme to use computer viruses to steal million of dollars from U.S. banks:   


"Today’s announcement by the FBI that U.S. Law enforcement officials discovered yet another international scheme to inflict harm on Americans via the Internet is underscores why we must be taking cyber security seriously and make it a vanguard issue in this country. Although I am relieved to hear that the scheme was detected before it was executed, we know from experience that another cybercrime is being formulated as we speak.


"Nearly every critical system and network that runs our nation’s financial systems, air traffic control, electric grid, and other vital networks are vulnerable to a cyber attack. In fact, foreign intelligence agencies likely have targeted these systems and at times compromised them. Some have argued that the threat of a cyber attack isn’t real, or is being over-hyped, but the reports we receive of foiled plots shed light on the fact that cybercrime is real.  It may be just a matter of time before a large scale attack is fully deployed. This latest revelation underscores the scary reality of how vulnerable we really are to cyber criminals, terrorists, and nation-states seeking to use technology to steal from us or do us harm. 


"Our nation must recognize the growing threat of a cyber attack and, like we do for a physical attack, make ourselves as prepared as we can possibly be. Just last month, my home state of Delaware graduated twenty students from an intense first-of-its-kind week long summer camp that teaches young people with an interest in technology the skills needed to defend against these sophisticated types of attacks. This is a good first step, but we need a more robust effort from the federal government to build our defenses and build the kind of skilled workforce we need to protect our vital networks.  


"In June, I teamed up with other members on the Homeland Security and Governmental Affairs Committee to introduce legislation – the Protecting Cyberspace as a National Asset Act of 2010- that will not only defend against these types of attacks, but prevent them before they even happen. While Congress and other officials are working to protect our national cyber infrastructure, the risk of an attack on Americans’ personal information is still very real. That’s why Sen. Bob Bennett (R-Utah) and I introduced the Data Security Act of 2010 to safeguard consumers’ highly sensitive personal information from being compromised by a store, a school, or some third party data center. Our bill would replace the current patchwork of state and federal regulations for identity theft with a national law that would provide uniform protections across the country, making it easier for businesses and government agencies to take the steps necessary to adequately protect all Americans from identity theft and account fraud.


"We won’t be as safe as we should be until we ensure that a fully capable civilian agency is at the helm of our cyber security efforts, working as an open and transparent partner with the private sector to defend our nation from these types of attacks. It is critical for Congress and the Administration to come together and deal with this threat – and soon– before it’s too late."


Sen. Carper has been a national leader on cyber security issues and, as chairman of a key Senate Homeland Security subcommittee, has chaired several hearings over the past three years examining ways to more effectively secure the U.S. from cyber attacks. These hearings culminated in June 2010 when the Homeland Security and Governmental Affairs Committee passed comprehensive cyber security legislation, the Protecting Cyberspace as a National Asset Act of 2010 (S.3480). Sponsored by Sens. Tom Carper (D-Del), Joe Lieberman (ID-Conn.) and Susan Collins (R-Maine), this legislation aims to modernize, strengthen and coordinate the security of the federal, civilian and private sector critical infrastructure networks. One key provision in the bill would also provide the Department of Homeland Security with the authority to develop and bolster cyber security challenges across the nation in order to identify, educate and train the future cyber security workforce. 


Sen. Carper and Sen. Bennett’s bill, The Data Security Act of 2010, would require entities such as financial establishments, retailers and federal agencies to safeguard sensitive information, investigate security breaches and notify consumers when there is a substantial risk of identity theft or account fraud. These new requirements would apply to retailers who take credit card information, data brokers who compile private information and government agencies that possess nonpublic personal information. The Data Security Act of 2010 is modeled after the data security and breach-response regime established under the Gramm-Leach-Bliley Act of 1999, and subsequent regulations. It builds on existing law to better ensure federal and state regulators comply with the law and to make sure that data security procedures are uniformly applied.  Regulators of entities who do not comply would have the authority to levy finds, require corrective measures or even bar individuals from working in their respective industries.