Recently, there has been a tirade of executive orders and government announcements concerning cyber attacks. All circling back to issues of economic stability and national security.
The concern is that cyber attacks involve theft of trade secrets. Trade secrets include client lists, business models, or product ingredients like the recipe for Coca-Cola. Theft can cost millions or billions of dollars from a single instance leading to layoffs, lost sales, office or factory closures, and even bankruptcy. Essentially businesses lose their competitive edge. The traditional method of espionage was to recruit former or current employees, but cyber attacks are an increasingly real danger.
In regards to national security, Gen. Keith Alexander, the top officer at U.S. Cyber Command, heads 13 teams with the mission of guarding the U.S. in cyberspace. He does not consider trade secret theft or espionage to be acts of war until the intent becomes to “disrupt or destroy the U.S. infrastructure.” This could involve targeting banking institutions, chemical facilities, or water treatment plants. Then a line has been crossed and national security is at stake.
On February 12, 2013, President Obama signed an executive order titled, Improving Critical Infrastructure Cybersecurity. In brief, the goal is to “increase the volume, timeliness, and quality of cyber threat information.”
There are two major demands on government agencies, amongst a slew of others. One, the Order requires a “Framework” be developed for private companies involving standards and procedures for risk reduction. Catering to businesses, it must be performance based and cost-effective, and the government intends to provide an incentive program. Second, the Order requires a listing of critical infrastructures who could bring about “catastrophic regional or national effects on public health or safety, economic security, or national security” if a cyber attack was successfully executed. Amongst the companies in interest are those operating power grids, telecommunication systems, and banks.
All these efforts are in hopes that private entities will chose to participate in the program, and thereby, receive help and advice on reducing their risk of cyber attack. This will promote greater economic stability and national security.
On February 20, 2013, the White House released a report on proposed strategies for protecting trade secrets of U.S. businesses. It focused on five areas of improvement: diplomatic efforts, industry best practices, domestic law enforcement, domestic legislation, and public awareness. Necessarily, these efforts require the participation of a number of administrative agencies including the departments of Commerce, Defense, Homeland Security, Justice, State, and Treasury.
The Department of Justice has made the investigation and prosecution of trade secret theft a priority, and the Department of Defense will provide education on counterintelligence to certain “cleared industry partners” that work with the U.S. government.
This report came a day after a cyber security firm, Mandiant Corp., publicly accused the Chinese government of heading attacks against at least 141 different organizations since 2006. In a report divulging its research data and discoveries, Mandiant identifies the 2nd Bureau of the People’s Liberation Army as the source of the attacks.
In response to the accusation by Mandiant, a spokesman for the Foreign Ministry of China, Hong Lei, resolutely “denied any involvement,” holding the Chinese 2nd Bureau itself to be a victim of such attacks.
U.S. counterintelligence officials unabashedly declared China to be the world’s largest “perpetrator of economic espionage.” However, when Gen. Alexander was questioned whether U.S. intelligence agencies could determine the exact organizations and companies stealing and profiting from the stolen trade secrets, he simply said there has been increased capabilities in the past years.
In response to the Administrative Announcement, Jason Healey, director of the Atlantic Council’s Statecraft Initiative, applauded efforts to align U.S. trade secret protections with allies, but pointed out that the report did use “the word ‘continue’ more than 20 times,” suggesting ongoing efforts as opposed to new efforts.
For this reason, several persons, including Mr. Healey, have come forward with suggestions for further penalties for cyber piracy.
Mr. Healey recommended that foreign firm officials whose companies benefit from trade secret theft be denied visas and the company be blacklisted from U.S. government contracts.
Peter Toren, a former federal prosecutor, now a computer crimes expert with Weisbrod Matteis & Copley, mentioned a private right of action in federal court against foreign companies committing trade secret theft.
Stewart Baker, a former assistant secretary for the Department of Homeland Security, suggested the government enact punishments similar to those for drug smuggling and trafficking of conflict diamonds. One such punishment effected against companies and individuals involved in cyber piracy would deny them right to operate in the U.S. Another recommendation is to freeze the perpetrators’ funds or seize property in the U.S.
There are plenty of ideas out there, but the question remains whether they would be effective and practical, especially when we are concerned with attacks affecting national security. Most hostile persons attempting to instigate the downfall of the U.S. will not be under U.S. jurisdiction, will not have property in the U.S., and will not expect to be let into the U.S.
There are no easy answers, but collaboration and communication are key to any success. Thus, starting with a tirade of announcements and efforts to share information across the public-private divide seems a good starting point.
* Lindsey M. Chessum is a second year law student at Wake Forest University School of Law. She has a Bachelor’s in Economics & Business and a Bachelor’s in Philosophy from Westmont College. She spent nearly two years in the stock market industry prior to law school, and upon graduation in 2014, Ms. Chessum plans to return to California to practice business law.