The Obama administration yesterday released a new strategy aimed at reducing the theft of the country’s trade secrets and intellectual property in response to what it says is an increasing threat to the economy of the United States
The strategy’s release comes a day after a United States-based cyber security firm reported what it believes is an organization linked to the Chinese military has been engaged in sustained cyber espionage against U.S. and international firms in a wide range of industries dating back seven years (Defense Daily, Feb. 20). In its report, Mandiant Corp. says that information technology firms were targeted the most by the Chinese group, called APT1, followed by aerospace companies.
The same day that Mandiant’s report came out, James Lewis, a cyber security expert with the Center for Strategic and International Studies, released a report saying that the United States faces significant threats from cyber espionage and cyber crime.
Cyber espionage and crime by Russia and China against the United States “is largely unbounded,” Lewis says in his report, Conflict and Negotiation in Cyberspace. “This is a primary source of risk to the United States because these two nations have advanced cyber capabilities, are hostile, and are becoming more assertive militarily. Developing techniques that constrain Russian and Chinese cyber activities is a priority for national security.”
The Administration Strategy on Mitigating the Theft of U.S. Trade Secrets that was released yesterday contains five action items, including increased international engagement, both with governments of countries where theft is occurring and with allies to build coalitions to thwart theft.
Another action item is the promotion of voluntary best practices by private industry to protect trade secrets. Obama last week issued an executive order on cyber security that directs the federal government to share classified and unclassified cyber threat data with select private critical infrastructure owners and operators in the United States that want to receive the data and to work with these private sector partners on consensus-based standards and best practices that industry can voluntarily adopt to bolster their cyber defenses.
In his report, Lewis says that voluntary actions on the part of the private sector are not enough to thwart cyber espionage.
“The many successful attacks against companies highlight the difficulties for any private sector actor to successfully defend against foreign military and intelligence services,” Lewis says.
Additional strategic actions contained in the strategy to reduce trade theft include enhancing domestic law enforcement actions such as improving information sharing with law enforcement agencies and the intelligence community, improving domestic legislation, and increasing public awareness and stakeholder outreach.
There are two categories of companies that have been affected by having their trade secrets stolen, U.S. Attorney General Eric Holder said during a briefing to introduce the new strategy.
“Those that know they’ve been compromised and those that don’t know it yet,” Holder said.
Holder also said that the United States is “fighting back more aggressively and more collaboratively than ever before.”