Monday, June 10, 2013

U.S. Intellectual Property Cybertheft Losses Call for Retaliatory Cyberattacks

There are two primary reasons to launch retaliatory cyberattacks – active defenses in the jargon of cyber defense – as well as reasons why not to do so.

Take a moment to review my previous post where I discussed the massive U.S. losses from intellectual property cybertheft. It leads us to the question, “Is now the time for retaliatory cyberattacks?

The answer is yes. And it has been for some time.

Due to America’s massive losses from cyberattacks, the time for retaliation has actually past. The dam holding American information has burst open and there is much water to be drained from the reservoir. Talking to those who steal our intellectual property will accomplish little. Media-fueled expectations aside, not one shred of evidence has been reported that President Obama seriously addressed cyberespionage or intellectual property theft with Chinese President Xi in their recent feel-good meeting in Rancho Mirage. America’s gushing dam of IP secrets remains open.

Only a show of force can slow the leaks. The two reasons in favor of cyber counterattacks say it all: to punish and to prevent. Notice I did not say recovery. Our past secrets are gone. We must focus on protecting the future.

A convincing case for active defenses is made by industry veteran Jeffrey Carr in his excellent book Inside Cyber Warfare. Among other reasons, he considers active cyber defenses superior due to their ability to be targeted, providing “all the force needed to accomplish the mission of defending against a cyberattack.” In other words, the military can stay at home, reducing the risks of escalation into physical conflict.

Carr also discusses the risks of active defenses, arguing that the possibilities of hitting incorrect targets or causing excessive damage to be worth the benefit of protecting a nation’s crucial computer networks. In other words, tradeoffs in support of a critical cause.

But under what circumstances do we counterattack?

Here are six scenarios to consider: Military cyberespionage; intrusions and disruptions of online networks, such as ATM machines; cybercrime; attacking or disabling military operations capabilities; intellectual property theft; and disabling critical infrastructure systems, such as power generation.

Of these, the final three deserve a stern warning followed by active defense counterattacks in order to protect the critical assets that enable the American way of life. This action will inevitably unleash a political furor from China. We can politely respond that we are not focused on counterattacking China per se, but whoever across the globe violates the sanctity of our critical national information systems.

It is time to make a decision. Is pleasing China our priority? Or is protecting America’s security and way of life our priority?

Note: The upcoming Suits & Spooks conference in La Jolla the weekend of June 15-16 has several sessions addressing the subject of offensive cyber defense actions.

("Male Hand Typing On Laptop" image: suphakit73/

1 comment: