A Toothless Trade Secret Strategy

Obama strategy to protect U.S. corporate secrets limited to diplomacy, law enforcement

Flickr user twitchphoto
• February 21, 2013 4:59 am


A new White House strategy designed to protect trade secrets from economic espionage limits United States government action to diplomatic and law enforcement measures.

The "Administration Strategy on Mitigating the Theft of U.S. Trade Secrets," made public Wednesday, said it will seek to protect U.S. commercial innovation and other business advantages from aggressive economic espionage.

"These intangible assets are often captured as intellectual property—copyrights, patents, trademarks, and trade secrets, and reflect America’s advantage in the global economy," the report said.

The report lists numerous examples of Chinese theft of corporate data from companies such as Ford, General Motors, DuPont, Dow Chemical, Valspar, and Motorola.

However, policy specific to China is not mentioned in the text of the strategy.

"This strategy is not focused on any one country nor is it focused on cybersecurity exclusively, though cyber does play an important role in the strategy," said a White House official.

U.S. officials said the strategy deliberately played down the major role played by China in order to avoid upsetting relations with Beijing.

Robert Hormats, undersecretary of state for commerce, told reporters that China’s role in theft of trade secrets and intellectual property "remains a serious and highly troubling issue."

"That’s why cyber security and the protection of intellectual property and trade secrets are the main item on the agenda in our annual security dialogue [with China]," Hormats said.

Hormats said U.S. government officials repeatedly raised concerns about trade secrets theft at "the highest levels" of the Chinese government "and will continue to do so."

Russia and other countries also engaged in trade secrets theft, he said.

The strategy makes no mention of the use of offensive intelligence or military cyber operations against offending states, a strategy urged by some private sector security analysts.

Economic sanctions against countries or entities engaged in pilfering trade secrets also are not mentioned in the report.

John Bolton, former U.S. ambassador to the United Nations, criticized the report for lacking substance.

"Repeating its strategic mistake of treating international terrorism as primarily a matter of law-enforcement, the Obama administration sees cyberspace the same way conceptually," Bolton told the Free Beacon.

"The main threats to U.S. trade secrets, based on the available evidence, come from state actors that are not subject to law-enforcement sanctions, enforcement, or deterrence. American business—and our economy as a whole—will pay dearly for the administration's delusions."

The report states that "emerging trends indicate that the pace of economic espionage and trade secret theft against U.S. corporations is accelerating," referring to a two-year old U.S. counterintelligence report.

"There appears to be multiple vectors of attack for persons and governments seeking to steal trade secrets," the report says. "Foreign competitors of U.S. corporations, some with ties to foreign governments, have increased their efforts to steal trade secret information through the recruitment of current or former employees."

U.S. companies, law firms, and academic and financial institutions "are experiencing cyber intrusion activity against electronic repositories containing trade secret information," the report said.

Threats include hackers and company insiders who steal and sell valuable data ranging from blueprints to marketing secrets to motion pictures and other copyrighted and patented material, often developed at the cost of millions of dollars.

The report warns that the theft of trade secrets "threatens American businesses, undermines national security, and places the security of the U.S. economy in jeopardy.

"These acts also diminish U.S. export prospects around the globe and put American jobs at risk."

The strategy report was produced with input from several government agencies, including the Commerce, Defense, Homeland Security, Justice, State, and Treasury Departments. The Office of the Director of National Intelligence and the Office of the United States Trade Representative also took part.

The Commerce and Defense Departments and Office of the National Counterintelligence were in charge of research and reporting.

The report calls for the administration to "continue to apply sustained and coordinated diplomatic pressure on other countries to discourage trade secret theft," under a section on strategy action items.

Such efforts during the Obama administration’s first four years have not produced a lessening of trade secrets theft, analysts say.

The administration’s policy has been to "raise" the issue with senior leaders of "countries of concern." However, no offending countries were identified by name.

The State Department will track trade secrets theft and "deliver appropriate messages to their foreign counterparts."

Coalitions will be formed with other nations to deliver similar messages.

Other steps call for "deeper cooperation" with trading partners, more investigation of trade secret theft, and discussing trade secret protection in international forums.

International law enforcement cooperation will also be used to try to stem the loss of trade secrets, including cooperation with international law enforcement units. Increased domestic law enforcement also is planned.

The administration also plans to promote better security among U.S. companies. "Companies need to consider whether their approaches to protecting trade secrets keeps pace with technology and the evolving techniques to acquire trade secrets enabled by technology," the report said.

Increased intelligence sharing also will be sought among spy agencies and law enforcement, and the Pentagon will provide threat information on trade secrets theft to defense companies.

Congress also will be asked to strengthen laws protecting intellectual property from theft.

The report reveals that the financial firm Goldman Sachs spent $500 million for computer software for high frequency trading in one case study. A Goldman Sachs computer programmer who was convicted of economic espionage stole the source code but the conviction was overturned on a legal technicality.

The strategy also calls for a campaign of public awareness of the threat of trade secret theft.

Frank Montoya, who is the national counterintelligence executive, said protecting U.S. business innovation is a 21st century national security issue.

"You cannot have good national security if you don’t have good economic security," Montoya said. Counterintelligence will seek to identify foreign economic espionage, he said.

Release of the White House strategy report comes amid mounting pressure on the administration to take action against China for its role in cyber espionage that officials say has cost billions of dollars in lost information.

A private security firm revealed this week that a secret Chinese military unit near Shanghai is behind a worldwide campaign of cyber espionage that has stolen vast quantities of U.S. corporate data over at least six years.

"Our research and observations indicate that the Communist Party of China is tasking the Chinese People’s Liberation Army (PLA) to commit systematic cyber espionage and data theft against organizations around the world," the report by the security firm Mandiant said.

The Mandiant report said China’s main military cyber espionage organization is the PLA’s 2nd Bureau of the General Staff Department’s 3rd Dept., code-named Unit 61398.

"The nature of Unit 61398’s work is considered by China to be a state secret; however, we believe it engages in harmful computer network operations," the report said.

The Shanghai cyber network has "systematically stolen hundreds of terabytes of data from at least 141 organizations, and has demonstrated the capability and intent to steal from dozens of organizations simultaneously," the report said.

The cyberspy unit used well-defined computer network attack methods developed over years and, once it gained access over several months or years, stole broad categories of information. They include technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists from leaders within the victim organizations.

The Chinese cyber espionage unit was identified as a PLA unit that is "a single organization of operators that has conducted a cyber espionage campaign against a broad range of victims since at least 2006," the report said, adding that "it is one of the most prolific cyber espionage groups in terms of the sheer quantity of information stolen."