It hasn’t gotten much attention, but this week the Commission on the Theft of American Intellectual Property—a clumsy name for a valuable undertaking—issued its findings on the threat posed by espionage against American industry, mostly in the cyber domain, and suggested steps to mitigate them. The entire report of the commission, chaired by retired Admiral Dennis Blair and former Ambassador to China Jon Huntsman, is worth reading.
It certainly underlines the size of the problem, estimating that annual losses from intellectual property theft top $300 billion and result in the loss (or more properly the failure to add) millions of jobs to the U.S. economy. It also squarely blames China as the main source of all this theft, accounting for 50-80 percent of the whole. “National industrial policy goals in China encourage IP theft,” the commission found, “and an extraordinary number of Chinese in business and government entities are engaged in this practice.”
What to do about this epidemic of industrial espionage? The commission offers some valuable suggestions, as summed up by Blair and Huntsman in a Washington Post op-ed: “denying products that contain stolen intellectual property access to the U.S. market; restricting use of the U.S. financial system to foreign companies that repeatedly steal intellectual property; and adding the correct, legal handling of intellectual property to the criteria for both investment in the United States under Committee for Foreign Investment in the United States (CFIUS) approval and for foreign companies that are listed on U.S. stock exchanges.”
Those are all valuable steps but what is really intriguing is a recommendation that the commission does not endorse at this time—but that it believes may be necessary in the future unless China mends its ways: letting companies counter-attack in the cyber domain against intellectual property thieves. Such attacks are illegal today—as is any hacking—but if it were legalized this “would raise the cost to IP thieves of their actions, potentially deterring them from undertaking these activities in the first place.” The committee didn’t endorse retaliation “because of the larger questions of collateral damage caused by computer attacks, the dangers of misuse of legal hacking authorities, and the potential for nondestructive countermeasures such as beaconing, tagging, and self-destructing that are currently in development to stymie hackers without the potential for destructive collateral damage.” It concludes: “Further work and research are necessary before moving ahead.”
These are all legitimate concerns, but given that imploring China to put a stop to its cyber-attacks has not worked, it is high time to deter such attacks by showing that the U.S. can strike back. This should not be a responsibility of industry. It is the U.S. government which is charged with the nation’s defense, and it is high time that the government—specifically the military’s cyber command—seriously consider retaliating in kind for Chinese attacks on our computer networks, both government and civilian. Only if Beijing knows that it will pay a heavy price will it stop its aggressive cyber-intrusions.