Report Recommends US Permit Private Counterattacks Against International Hackers

Should the US allow companies to wage cyber warfare?

From David E. Sanger, New York Times:  With President Obama preparing for a first meeting with China’s new president, a commission led by two former senior officials in his administration will recommend a series of steps that could significantly raise the cost to China of the theft of American industrial secrets. If milder measures failed, the commission said, the United States should consider giving companies the right to retaliate against cyberattackers with counterstrikes of their own.

The recommendations are from the private Commission on the Theft of American Intellectual Property, which is led by two figures who parted company with the White House on strained terms: Dennis C. Blair, Mr. Obama’s first director of national intelligence, and Jon M. Huntsman Jr., the former ambassador to China who left his post to run, unsuccessfully, for the Republican nomination for president.

“China is two-thirds of the intellectual property theft problem, and we are at a point where it is robbing us of innovation to bolster their own industry, at a cost of millions of jobs,” Mr. Huntsman said, with a bluntness that would have been forbidden when he served in Beijing. “We need some realistic policy options that create a real cost for this activity because the Chinese leadership is sensitive to those costs. . . .”

The new report does propose specific remedies. One is to mandate that foreign companies that want to be listed on stock exchanges in the United States first pass a review by the Securities and Exchange Commission about whether they use stolen intellectual property. “They all want their shares to be traded here, so this would impose a real cost,” Mr. Blair said. Similarly, whether companies protect intellectual property would be considered by the Committee on Foreign Investment in the United States, which judges whether an investment in the United States could pose a security risk. Currently it looks only at national security implications of investments; this would add a new criterion. . . .

Some of the most interesting recommendations deal with combating China’s role in cyberattacks, likely to rank among the most delicate subjects in Mr. Obama’s meeting with Mr. Xi. The commission argued that American companies “ought to be able to retrieve their electronic files or prevent the exploitation of their stolen information” by designing their computer files to self-destruct if they fall into the wrong hands. But the authors of the report also say that if the damage “continues at current levels,” the government should consider allowing American companies to counterattack — essentially taking cyberwar private.

If counterattacks against hackers were legal, there are many techniques that companies could employ that would cause severe damage to the capability” of the Chinese or other groups committing computerized theft, the report said. But it added a qualifier: “while properly empowered law enforcement authorities are mobilized.” Many in the administration have opposed such ideas, fearing that they could lead to a cycle of escalation between the United States and other nations that could easily spin out of control.  (graphic:

Image: inteprosfed%20com%205%2022%2013%20active%20defense.jpg