Obama cyber defense plan would concentrate first on protecting trade secrets
Rhetoric and diplomatic sanctions alone will not deter hackers from attacking U.S. government and business computers, security experts said in response to a White House strategy on cyber theft announced on Wednesday.
Obama administration officials outlined plans to work with trade partners and domestic law enforcement agencies to combat computer theft of trade secrets, copyrights and patents. But security experts said the country must identify clear consequences for anyone attacking government and corporate computer networks.
“They know we're doing a lot of chest pounding and that we're frustrated at the lack of willingness by our own corporations to lock themselves down,” said James Gabberty, a Pace University professor and visiting scholar in Hong Kong. “It's pretty embarrassing that the technology these guys are using is not sophisticated. It's not rocket science.”
The White House strategy report, “Administration Strategy on Mitigating the Theft of U.S. Trade Secrets,” calls for increased cooperation with foreign countries and diplomatic pressure on bad actors.
Computer attacks by foreign adversaries not only threaten American companies but also public safety, U.S. Attorney General Eric Holder said.
“Allowing hostile states to obtain data and technology can endanger American lives, expose our energy, financial or other sensitive sectors to massive losses or make our infrastructure more vulnerable to attack,” Holder said.
The Obama administration plans to:
• Set out voluntary best practices for targeted industries such as manufacturing, defense and power generation;
• Help companies identify and prevent trade secret theft; and
• Expand education programs about computer security dangers.
The Department of Defense would collect, analyze and report computer threat information about defense and other key industries.
The Tribune-Review reported in its computer security series, “Cyber Rattling: The Next Threat,” that criminals, terrorists, activists and hostile foreign countries are stepping up attacks in an attempt to create disruptions and cause destruction.
Computer spying also threatens the nation's economic security by giving foreign competitors unfair advantages, Victoria A. Espinel, coordinator of U.S. Intellectual Property Enforcement, said at the White House event. “The theft of trade secrets impacts national security, undermines our global competitiveness, diminishes U.S. export prospects and puts American jobs at risk.”
Security experts said the United States must do even more to outline sanctions and retaliation for computer attackers.
Potential deterrents should include not only trade sanctions but also the threat of offensive cyber attacks and military response, Paul Kaminski, a member of President Obama's Intelligence Advisory Board, told the Trib. Just as in the Cold War, potential attackers must know there will be consequences.
“You need to have several arrows in your quiver,” Kaminski said. “As a nation, we don't want to depend only on the cybertools we have. We want to depend on all the responses we have.”
The White House event featured executives from General Electric; American Superconductor, known as AMSC; and the Information Technology Industry Council.
A former employee of AMSC helped a Chinese competitor steal information related to wind turbine manufacturing, causing significant damage and job loss, John Powell, the company's vice president and general counsel, said in a statement. The employee confessed and was convicted of theft. AMSC has filed intellectual property lawsuits against the competitor in China's courts.
“We applaud the administration for focusing on this issue and formulating a strategy around the protection of intellectual property,” Powell said. “This is a topic of vital importance not only for companies, but also for our nation as a whole.”
Mandiant, a private computer security company in Alexandria, Va., this week identified a “long-running and extensive cyber espionage campaign” that it said emanates from China and likely receives government support.
The Chinese government denied sponsoring computer attacks, saying it prohibits them and has done what it can to combat such activities in accordance with Chinese laws. Chinese officials say Mandiant and the United States have no physical evidence that computer attacks have come from its military and contend that such talk is counterproductive.
Yuan Gao, a spokesperson at the Chinese Embassy, told the Trib that “China would like to work with the U.S.” to combat such attacks.
Because China has been accused of sponsoring attacks on companies to steal trade secrets, the United States might respond with trade sanctions against companies that are benefiting from stolen intellectual property, said Dmitri Alperovitch, co-founding chief technology officer of CrowdStrike, a security technology company in Irvine, Calif. U.S. companies also could be encouraged to file civil actions against the attackers, he added.
The United States' response to Iran, which is blamed for mounting disruptive attacks, should be different, Alperovitch said.
Rep. Mike Rogers, chairman of the House Intelligence Committee, told the Trib last week that he suspects Iran set off recent “denial of service” attacks against PNC Bank and other U.S. banks, preventing customers from accessing their accounts online.
Dealing with a country with the size and capability of China, the United States must not overreact, Alperovitch said. Computer spying has not killed anyone or destroyed property, he said.
“The thing we need to do the most is make sure it doesn't get out of hand,” Alperovitch said. “Our relationship with China is multifaceted, and there's a lot of danger that this could escalate into something else.”
Andrew Conte is a staff writer for Trib Total Media. He can be reached at 412-320-7835 or firstname.lastname@example.org.