By Reps. Andy Barr and Frank Lucas: On May 13, the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) issued a notice to all U.S. organizations researching treatments, diagnostics, and vaccines for COVID-19. Chinese hackers, they warned, are targeting universities and health care institutions, attempting to compromise our efforts to combat COVID-19.
The Chinese Communist Party’s (CCP) attempts to infiltrate our universities and steal our intellectual property are not new, unfortunately. But because of COVID-19, the urgency to address this theft has grown.
CCP theft of our COVID-19 research has significant consequences. Private patient data is stolen, public health data is corrupted, and our progress towards vaccines and treatments is halted, all while lives hang in the balance. And make no mistake – should China use our research to develop a vaccine first, we should not expect it to be shared with us. In fact, given the CCP’s unwillingness to share information, we may not even be able to trust the safety of such a vaccine if we’re prevented from seeing the underlying data. We simply cannot afford cyber-attacks on critical taxpayer-funded research.
Recognizing the growing threat from the Chinese Communist Party, Congressional Republicans created the China Task Force to analyze the extent of the problem and propose policy recommendations to keep America competitive. Identifying cybersecurity solutions has been a critical part of this work.
We’re fortunate that the United States has a world-class institution that is already doing exceptional work to strengthen our cybersecurity. While the FBI protects us against foreign cyber operations, and CISA protects the nation’s critical infrastructure, the National Institute of Standards and Technology (NIST) sets cybersecurity standards for federal agencies and provides guidance and best practices for private industry.
In other words, NIST provides government and businesses the practical tools they need to develop and implement smart and strong cyber protections. This work is done through the NIST Cybersecurity Framework, which organizes cybersecurity activities into five broad categories: identify, protect, detect, respond, and recover from threats. This framework allows entities to organize information, address weaknesses, and manage risk more easily.
In 2018 we passed a law directing NIST to extend their work and tailor this framework to small businesses, which have very different structures and needs than large companies or government agencies. Since NIST launched its framework for small businesses, we’ve already seen widespread adoption and successes. Why does this matter? Because we already know that NIST can identify the unique challenges facing different industries and modify its framework to provide customized support.
Just as small businesses have different cybersecurity needs than government agencies or large companies, so too do universities and research centers. There has never been a more important time to provide these institutions the best available cyber protection tools as China targets them for their work on COVID-19.
We’ve introduced legislation that directs NIST to provide a tailormade guidance based on the gold standards NIST framework for our universities and research centers. This guidance will be not only be specific to the unique needs of our research enterprise but will also provide precise tools that allow institutions to make appropriate plans based on the size of their organization and the sensitivity of the data being used.
Helping to defend our universities and research centers from attacks by China is one of the most straightforward and commonsense actions we can take to support the effort to prevent and treat COVID-19 cases. Moreover, it helps us to protect other valuable and sensitive research being done across the United States.
The Chinese Communist Party has made it clear that they plan to become the global leader in industries of the future like artificial intelligence, quantum technology, and advanced manufacturing. Part of their strategy is acquiring our research, either through investment or theft. If they surpass us in these technologies, the consequences will be just as dangerous as if hey surpass us in the fight against COVID-19. It’s our responsibility to protect our research and our data, and fight Chinese hacking and theft.
Andy Barr represents the 6th District of Kentucky and Frank Lucas represents the 3rd District of Oklahoma and is ranking member of the House Science, Space, and Technology Committee.