Share This Page

Obama cyber defense plan would concentrate first on protecting trade secrets

| Wednesday, Feb. 20, 2013, 11:29 a.m.
The agency that tracks federal travel did not report hundreds of expensive personal trips aboard government planes for senior Justice Department officials, including Attorney General Eric Holder, according to a watchdog report.
Justin Merriman | Tribune-Review
Potential deterrents should include not only trade sanctions but also the threat of offensive cyber attacks and military response, Paul Kaminski, a member of President Obama’s Intelligence Advisory Board, told the Trib on Wednesday, Feb. 20, 2013. Justin Merriman | Tribune-Review

Rhetoric and diplomatic sanctions alone will not deter hackers from attacking U.S. government and business computers, security experts said in response to a White House strategy on cyber theft announced on Wednesday.

Obama administration officials outlined plans to work with trade partners and domestic law enforcement agencies to combat computer theft of trade secrets, copyrights and patents. But security experts said the country must identify clear consequences for anyone attacking government and corporate computer networks.

“They know we're doing a lot of chest pounding and that we're frustrated at the lack of willingness by our own corporations to lock themselves down,” said James Gabberty, a Pace University professor and visiting scholar in Hong Kong. “It's pretty embarrassing that the technology these guys are using is not sophisticated. It's not rocket science.”

The White House strategy report, “Administration Strategy on Mitigating the Theft of U.S. Trade Secrets,” calls for increased cooperation with foreign countries and diplomatic pressure on bad actors.

Computer attacks by foreign adversaries not only threaten American companies but also public safety, U.S. Attorney General Eric Holder said.

“Allowing hostile states to obtain data and technology can endanger American lives, expose our energy, financial or other sensitive sectors to massive losses or make our infrastructure more vulnerable to attack,” Holder said.

The Obama administration plans to:

• Set out voluntary best practices for targeted industries such as manufacturing, defense and power generation;

• Help companies identify and prevent trade secret theft; and

• Expand education programs about computer security dangers.

The Department of Defense would collect, analyze and report computer threat information about defense and other key industries.

The Tribune-Review reported in its computer security series, “Cyber Rattling: The Next Threat,” that criminals, terrorists, activists and hostile foreign countries are stepping up attacks in an attempt to create disruptions and cause destruction.

Computer spying also threatens the nation's economic security by giving foreign competitors unfair advantages, Victoria A. Espinel, coordinator of U.S. Intellectual Property Enforcement, said at the White House event. “The theft of trade secrets impacts national security, undermines our global competitiveness, diminishes U.S. export prospects and puts American jobs at risk.”

Security experts said the United States must do even more to outline sanctions and retaliation for computer attackers.

Potential deterrents should include not only trade sanctions but also the threat of offensive cyber attacks and military response, Paul Kaminski, a member of President Obama's Intelligence Advisory Board, told the Trib. Just as in the Cold War, potential attackers must know there will be consequences.

“You need to have several arrows in your quiver,” Kaminski said. “As a nation, we don't want to depend only on the cybertools we have. We want to depend on all the responses we have.”

The White House event featured executives from General Electric; American Superconductor, known as AMSC; and the Information Technology Industry Council.

A former employee of AMSC helped a Chinese competitor steal information related to wind turbine manufacturing, causing significant damage and job loss, John Powell, the company's vice president and general counsel, said in a statement. The employee confessed and was convicted of theft. AMSC has filed intellectual property lawsuits against the competitor in China's courts.

“We applaud the administration for focusing on this issue and formulating a strategy around the protection of intellectual property,” Powell said. “This is a topic of vital importance not only for companies, but also for our nation as a whole.”

Mandiant, a private computer security company in Alexandria, Va., this week identified a “long-running and extensive cyber espionage campaign” that it said emanates from China and likely receives government support.

The Chinese government denied sponsoring computer attacks, saying it prohibits them and has done what it can to combat such activities in accordance with Chinese laws. Chinese officials say Mandiant and the United States have no physical evidence that computer attacks have come from its military and contend that such talk is counterproductive.

Yuan Gao, a spokesperson at the Chinese Embassy, told the Trib that “China would like to work with the U.S.” to combat such attacks.

Because China has been accused of sponsoring attacks on companies to steal trade secrets, the United States might respond with trade sanctions against companies that are benefiting from stolen intellectual property, said Dmitri Alperovitch, co-founding chief technology officer of CrowdStrike, a security technology company in Irvine, Calif. U.S. companies also could be encouraged to file civil actions against the attackers, he added.

The United States' response to Iran, which is blamed for mounting disruptive attacks, should be different, Alperovitch said.

Rep. Mike Rogers, chairman of the House Intelligence Committee, told the Trib last week that he suspects Iran set off recent “denial of service” attacks against PNC Bank and other U.S. banks, preventing customers from accessing their accounts online.

Dealing with a country with the size and capability of China, the United States must not overreact, Alperovitch said. Computer spying has not killed anyone or destroyed property, he said.

“The thing we need to do the most is make sure it doesn't get out of hand,” Alperovitch said. “Our relationship with China is multifaceted, and there's a lot of danger that this could escalate into something else.”

Andrew Conte is a staff writer for Trib Total Media. He can be reached at 412-320-7835 or andrewconte@tribweb.com.

TribLIVE commenting policy

You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.