The Obama administration has been lobbying Congress to increase sentences for those who break into government computer networks, or potentially endanger the country’s national security.
The request includes doubling the maximum prison sentence to 20 years behind bars, according to Reuters.
Talks on changes to the cybersecurity bill have been going on for over a year.
Recent high-profile attacks, including attacks on the CIA, the International Monetary Fund and military contractors, serve to underpin the government’s concern that its cyber laws may need updating to combat today’s threat.
What complicates matters is that it’s no easy task to track down skilled hackers, as they are intent on keeping their anonymity. They could be based anywhere on the globe, and using any number of third-party machines, with or without authorisation, to mask their true location and identity.
But there’s another factor which requires consideration. Motive.
Does the US really want to spend huge amounts of resources to locate and identify a cyber prankster who wants his or her 15 minutes in the spotlight? No matter how disruptive it is to DDoS or pwn a site, should they be given the same focus as someone who is intent on threatening national security by stealing highly sensitive information?
It seems to me that there is a big difference between attacks like those perpetrated by hacktivists which brought down the CIA website, and serious organised infiltration of networks to steal confidential information.
The motivation for hacktivists may be to gain some kudos from their peers on the internet, or to show off to rival groups, or simply a case of being bored and committing a cybercrime “because they can”.
But those hacktivists who expose firms’ security weaknesses or embarrass companies for the “lulz” are not likely to be deterred by an increase in the criminal penalties. A better way to prevent them may be to make sure that your own networks and websites are in order where security is concerned.
Consider the current hacking mayhem as a wake-up call. Don’t sit back and wait for arrests to happen. If you are unsure as to the quality of your network’s security, it is a pretty good time to review it. After all, it is not just your company info and reputation that is at risk, but potentially your customers, who trusted you to keep their information safe from harm.