Dear Mr. Patterson:

Thank you for your letter regarding the recent cyber attack on Sony Picture Entertainment. I appreciate the time you took to write, and I look forward to the opportunity to share my views on the subject.

In November 2014, Sony Pictures Entertainment stated that it had been a victim of a destructive cyber attack that caused widespread damage and stole significant amounts of data from its corporate servers.  A group called the "Guardians of Peace" claimed responsibility for the attack.  However, on December 19, 2014, the Federal Bureau of Investigation announced that it had "enough information to conclude that the North Korean government is responsible" for the cyber attacks against Sony Pictures.

The attack on Sony is notable both because of its scale and the fact that the attack was conducted with the intent to physically destroy systems and not simply to steal data.  This new objective of attack suggests that cyber intrusions may have entered a new and more destructive phase.  As the global trend of cyber attacks continues to tick upward, I believe that legislation must be enacted to strengthen the cyber defense of both our government and those of private industry.

To that end, Senator Saxby Chambliss and I introduced the "Cybersecurity Information Sharing Act" (S. 2588) in the 113th Congress.  This bill would have required the federal government to share information about cyber threats with private sector companies and would have allowed, but not required, companies to share threat information with the government under appropriate privacy protections.  The Senate Intelligence Committee approved the bill on July 8, 2014 by a bipartisan vote of 12-3, but it did not receive Senate action prior to the Senate's adjournment in December 2014.  I am currently working with Senator Richard Burr to introduce the bill again in the current Congress.

Again, thank you for your letter.  I will keep your concerns in mind as Congress continues to consider methods for combatting cyber attacks.  If you should have any additional questions or concerns about legislation to combat cyber threats, I invite you to contact my Washington, D.C. office at (202) 224-3841.

Sincerely yours,


  Dianne Feinstein
         United States Senator