Modern field guide to security and privacy

Opinion: Why trade secrets bill will deter cybercrime

The Defend Trade Secrets Act is another sign that the US government is finally acknowledging that an active deterrence must be a key part of any successful cybersecurity plan. 

|
Charles Dharapak/AP/File
For the first time in May 2014, a US grand jury charged Chinese military officials with economic espionage and trade secret theft.

In a major step toward deterring cybercrime, the Senate unanimously passed a bill Monday to empower corporate espionage victims to seek damages for computer-enabled intellectual property theft.

The Defend Trade Secrets Act (DTSA) is yet another sign of the US government's growing commitment to deterrence as a key element in the country's cybersecurity strategy. By enabling corporate victims to recover losses from cyberenabled IP theft, the bill encourages victims to pursue perpetrators.

The bill is designed to make cyberespionage more costly for malicious hackers – either acting alone or backed by nation-states – by allowing victims the chance to recover significant monetary damages after an attack.

Until recently the dominant approach to cybersecurity in the US was to batten down the hatches. We almost exclusively focused on reducing our vulnerability to cyberattack and espionage.

This approach didn’t work. Adversaries continue to wage successful cyberespionage campaigns despite concerted long-term US efforts to bolster network defenses. The lesson learned: Stronger locks and taller fences by themselves are not enough to stop targeted attacks. That’s why deterrence is key.

One of the first public indications that the US government was embracing threat deterrence came in May 2014, when the Department of Justice indicted five Chinese military officers for economic espionage against US companies including Westinghouse Electric and US Steel.

By identifying the Chinese PLA officers involved and providing details of their activities – i.e., by "naming and shaming" the perpetrators – the US sought to deter the activities by increasing the political and diplomatic costs of engaging therein.

The US response to the Sony hack also reflected a shift toward cyberthreat deterrence. Not only did the FBI attribute the hack to the North Korean government, but also President Obama signed an executive order which enabled the Treasury Department to impose targeted sanctions on North Korean agencies and 10 government officials.

That was the first time that the US retaliated for a cyberattack perpetrated against a private company – and the first time that sanctions were used in response to a nation-state sponsored cyberattack. Given the limited extent of US engagement with North Korea, the sanctions – which bar certain commercial relationships – have had a minimal effect.

Still, the US sent a strong signal to other would-be digital adversaries that those sorts of attacks wouldn't be tolerated. As Treasury Secretary Jack Lew said at the time, “These steps underscore that we will employ a broad set of tools to defend US businesses and citizens, and to respond to attempts to undermine our values or threaten the national security of the United States."

In April 2015, just months after imposing targeted sanctions on North Korea, Mr. Obama issued an executive order establishing a cyber sanctions program modeled on US counterterrorism and nonproliferation sanctions programs.

The cyber sanctions program is designed to penalize those who engage in destructive digital attacks against critical infrastructure and/or engage in commercial cyberespionage. Specifically, it authorizes the US government to freeze assets of foreign nationals responsible for "malicious, cyberenabled activities."

Now, the Defend Trade Secrets Act is meant to create a private right of action for trade secret misappropriation. As soon as the bill becomes law – it's likely to pass the House and the Obama administration supports it – companies should take action and pursue violators. Going after malicious hackers is key to deterring cybercrime over the long run.

Melanie Teplinsky teaches information privacy law at the American University Washington College of Law as an adjunct professor. She started her career in cybersecurity in 1991 as an analyst at the National Security Agency.

 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Opinion: Why trade secrets bill will deter cybercrime
Read this article in
https://www.csmonitor.com/World/Passcode/Passcode-Voices/2016/0405/Opinion-Why-trade-secrets-bill-will-deter-cybercrime
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe