By Congressman Andy Barr and House Science Committee Ranking Member Frank Lucas
On May 13, the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) issued a notice to all U.S. organizations researching treatments, diagnostics, and vaccines for COVID-19. Chinese hackers, they warned, are targeting universities and health care institutions, attempting to compromise our efforts to combat COVID-19.
Unfortunately, the Chinese Communist Party’s (CCP) attempts to infiltrate our universities and steal our intellectual property are not new. But because of COVID-19, the urgency to address this theft has grown.
We simply cannot afford cyber-attacks on critical taxpayer-funded research. CCP theft of our nation’s COVID-19 research has significant consequences for U.S. citizens. These attacks steal private patient information, corrupt public health data, and halt our progress towards vaccines and treatments, all while lives hang in the balance. And make no mistake — should China use our research to develop a vaccine first, we should not expect it to be shared with us. In fact, given the CCP’s unwillingness to share information, we may not even be able to trust the safety of such a vaccine if we’re prevented from seeing the underlying data.
Recognizing the growing threat from the Chinese Communist Party, congressional Republicans created the China Task Force to analyze the extent of the problem and propose policy recommendations to keep America competitive. Identifying cybersecurity solutions has been a critical part of this work.
We’re fortunate that the United States has a world-class institution that is already doing exceptional work to strengthen our cybersecurity. While the FBI protects us against foreign cyber operations, and CISA protects the nation’s critical infrastructure, the National Institute of Standards and Technology (NIST) sets cybersecurity standards for federal agencies and provides guidance and best practices for private industry.
In other words, NIST provides government and businesses with the practical tools they need to develop and implement smart and strong cyber protections. This work is carried out through the NIST Cybersecurity Framework, which organizes cybersecurity activities into five broad actions: identify, protect, detect, respond, and recover from threats. This framework serves as the gold standard for the cyber protection and allows entities to organize information, address weaknesses, and manage risk more easily.
In 2018, we passed a law directing NIST to expand this work and tailor their framework to meet the specialized needs of small businesses, which have very different structures than large companies or government agencies. Since NIST launched its framework for small businesses, we’ve already seen widespread adoption and successes across the country. Why does this matter? Because we’ve already proven that NIST can identify the unique challenges facing different industries and modify its framework to provide customized support.
Just as small businesses have different cybersecurity needs than government agencies or large companies, so too do universities and research centers. As China targets their essential work on COVID-19, there has never been a more important time to provide these institutions with access to the best available cyber protection tools.
That’s why we’ve introduced legislation that directs NIST to provide tailormade guidance based on the NIST framework for our universities and research centers: the NIST COVID–19 Cybersecurity Act. NIST’s guidance will identify the specific needs of our research enterprise and provide precise tools that allow institutions to make appropriate individual plans based on the size of their organization and the sensitivity of the data being used.
Helping to defend our universities and research centers from attacks by China is one of the most straightforward and commonsense actions we can take to prevent and treat U.S. COVID-19 cases. Moreover, this initiative will provide us with valuable insight needed to protect other mission-critical research being conducted across the United States.
The Chinese Communist Party has made it clear that they plan to become the global leader in industries of the future like artificial intelligence, quantum technology, and advanced manufacturing. Part of their strategy is acquiring our research, either through investment or theft. If they surpass us in these technologies, the consequences will be just as dangerous as if they surpass us in the fight against COVID-19. It’s our responsibility to protect our research and our data and fight Chinese hacking and theft.