Cybersecurity

Fighting cyber espionage, legally

Stewart Baker

Attorney and former Department of Homeland Security official Stewart Baker argues that a digital rule of law could be surprisingly effective.

Attorney and former Department of Homeland Security official Stewart Baker thinks so. The world might be friendlier to a digital rule of law than is commonly supposed, Baker asserted at a Dec. 4 breakfast sponsored by the American Bar Association. He pointed to Chinese President Xi Jinping's willingness to agree to international cyber accords and anti-hacking crackdowns within the People's Liberation Army as recent examples

Instead of going after the Chinese government, American companies and agencies could instead look to foreign firms.

"[Suing the Chinese government] is probably not your best bet anyway because the Chinese government will just, you know, stay offshore and thumb its nose at you," Baker said. "You're trying to dry up the market for cyber espionage rather than stop the cyber espionage directly, which is, that's what deterrence is all about."

Lawsuits, in other words, could help kill the cyber espionage market.

Baker said the Computer Fraud and Abuse Act, the Uniform Trade Secrets Act and Section 337 of the Smoot-Hawley Tariff Act all contain provisions related to stolen trade secrets that American firms could use to block foreign goods from the American marketplace.

Foreign firms are interested in stolen intellectual property so they can sell goods based on it, Baker noted. If they can't sell those goods in the world's biggest economy, they'll be a lot less keen on IP theft.

"These are potentially enormously valuable tools in the hands of the private sector," Baker said, predicting a major goods-blocking lawsuit from an American company against a foreign firm within the next five years.

The feds have a role to play, too, he said, calling on intelligence agencies to help scout foreign networks for stolen data. Targeted sanctions through the Office of Foreign Asset Control at Treasury also can help punish and dissuade hackers, Baker added.

What of the problems of attribution, and the threat of retaliation?

We have "remarkable" attribution capabilities by this point, Baker said, echoing the claims of those peeved in the private sector who want a more aggressive hack-back approach.

Retaliation, at least as concerns China, may not be a serious threat, he noted, as President Xi is "selling out" Chinese hackers in the interest of cementing internal control and assuaging world concerns.

Earlier this month, China claimed to have arrested the hackers responsible for the Office of Personnel Management breach, an intrusion Americans long suspected was state-sponsored, but which the Chinese government is now blaming on criminals.

Baker asserted that, all things considered, robust international legal action is the preferred way forward on cyber threats. The current de facto cyber defense model, emphasizing protecting networks rather than punishing and dis-incentivizing hackers, runs counter to the very principles of the law and civilized society, he noted.

It's as if the world was a town plagued by muggers, he said, and instead of arresting the criminals, the town's police chief told pedestrians to wear body armor to protect themselves.

"That chief of police wouldn't last a day with a plan like that," Baker said.

About the Author

Zach Noble is a staff writer covering digital citizen services, workforce issues and a range of civilian federal agencies.

Before joining FCW in 2015, Noble served as assistant editor at the viral news site TheBlaze, where he wrote a mix of business, political and breaking news stories and managed weekend news coverage. He has also written for online and print publications including The Washington Free Beacon, The Santa Barbara News-Press, The Federalist and Washington Technology.

Noble is a graduate of Saint Vincent College, where he studied English, economics and mathematics.

Click here for previous articles by Noble, or connect with him on Twitter: @thezachnoble.


Featured

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.