Continued cyber-attacks on the United States may soon be met with trade or diplomatic punishment against the nations of origin. The Obama administration this week listed more than a dozen instances of international assaults against U.S. businesses, resulting in stolen trade secrets, blunted competitive edge and lost American jobs.
“There are only two categories of companies affected by trade-secret theft: those that know they’ve been compromised and those that don’t know it yet,” U.S. Attorney General Eric Holder said Wednesday during a conference at the White House. “A hacker in China can acquire source code from a software company in Virginia without leaving his or her desk.”
China again denied involvement in cyber-attacks this week, according to The Wall Street Journal, but experts believe that strikes against DuPont, defense contractor Lockheed Martin and many more U.S. firms originated on Chinese soil. “The new push comes on the heels of fresh allegations of Chinese cyberspying ... and represents an effort by Washington to respond to growing complaints about theft of military and corporate secrets,” WSJ stated Thursday.
The White House summed up much of that effort in the pragmatically named report “Administration Strategy on Mitigation the Theft of U.S. Trade Secrets.” It is a five-point plan to:
- Focus Diplomatic Efforts to Protect Trade Secrets Overseas
- Promote Voluntary Best Practices by Private Industry to Protect Trade Secrets
- Enhance Domestic Law Enforcement Operations
- Improve Domestic Legislation
- Public Awareness and Stakeholder Outreach
The report also follows a revelation weeks ago of executive powers allowing the U.S. to launch preemptive cyber-attacks, and President Obama’s mention of cyber-warfare in his State of the Union Address. And the plot continues to thicken.
Making the Case
The Hill noted Thursday that U.S. Congress is juicy and easy prey for cyber-attacks by hacker group Anonymous, as well as foreign intelligence agencies. Military, budget, policy and other sensitive data are on congressional networks, which aren’t protected by adequate defenses against sophisticated hacking.
|A Chinese military unit has stolen data from more than 140 companies across 20 major industries. (photo from Mandiant)|
And Washington D.C.-based cyber-security firm Mandiant released a report Tuesday about a Chinese military unit with English-speaking hackers that has pilfered data from at least 115 companies across major industries in the U.S. since 2006. “APT1: Exposing One of China’s Cyber Espionage Units” describes the People’s Liberation Army Unit 61398 and its status as an Advanced Persistent Threat (APT).
Beijing has spoken out against these types of assertions, saying that the shadowy nature of cyber-attacks makes it difficult to point fingers. But the Obama administration’s strategy report got pretty specific.
“Of the 19 cases that had resulted in charges and convictions detailed in the strategy document,” WSJ noted, “16 involve theft aimed to benefit entities in China, such as stolen hybrid technology from GM and military secrets from defense contractor L-3 Communications Holdings Inc., among others.”
|APT1’s interaction with a spear phishing recipient. (photo from Mandiant)|
Economic and National Security
Stealing know-how from a company, such as GM, negatively impacts is ability to compete in the global marketplace. Spying on defense contractors, such as L-3, compromises national security.
And both of these adversely affect jobs.
Most businesses -- especially technology companies -- can understand the importance of intellectual property, so the White House is right to portray this as an economic and a national security issue.
“U.S. Ups Ante for Spying on Firms” in The Wall Street Journal
“Congress vulnerable to cyberattacks” in The Hill
“President Obama’s New Preemptive Strike Powers Target Cyber-Attackers” in SAP Business Trends