U.S. urged to let companies 'hack-back' at IP cyber thieves
Best defense against American IP theft may be legalizing cyber offense, U.S. commission says
Computerworld - U.S. companies should be allowed to take aggressive countermeasures against hackers seeking to steal their intellectual property, contends the private Commission on the Theft of American Intellectual Property.
The 100-page report, released this week, stops just short of recommending that the U.S. allow businesses to actively retrieve stolen information from within an intruder's network and to disable or destroy it without any limitations.
However, the report makes clear that some so-called hack-back options should be available if simpler attempts to deter IP theft fail, a position that will likely gain the attention of rights advocacy groups.
The commission is co-chaired by Dennis Blair, former U.S. director of National Intelligence, and Jon Huntsman, former U.S. ambassador to China.
The report, released Wednesday, largely blames China for what it says is the theft of hundreds of billions of dollars worth of U.S. intellectual property each year. Such theft leads to significant U.S. revenue loss while hurting U.S. innovation and jobs, the report noted.
"The American response to date of hectoring governments and prosecuting individuals has been utterly inadequate to deal with the problem," the commission said in the report.
Data from court cases, the U.S. trade representative and from specialized firms and industry groups show that Chinese cybercriminals account for roughly 70% of all IP theft today.
The stolen IP is used to help Chinese companies and the Chinese government close the technology gap with the U.S. That finding is similar to one cited in the recently released Department of Defense Annual Report to Congress.
Countries like India and Russia are also seen as posing a strong threat to American IP, the reports said.
Existing laws and IP protection provisions in international trade agreements have failed to address the issue so far. Similarly, emerging cybersecurity laws and policies implemented by the Obama administration to tighten U.S. economic espionage laws will only have limited effect, the IP commission argued.
In order to better deter intellectual property theft, U.S. companies should be allowed to implement measures that make it more costly for someone to steal their property, the report said.
"Effective security concepts against targeted attacks must be based on the reality that a perfect defense against intrusion is impossible," the IP commission said. It argued that it's more important to raise the stakes for cybercriminals than to create more laws aimed at stopping all attacks.
For instance, the commission said that federal laws should allow U.S. owners of intellectual property to recover or render inoperable any IP that's stolen over the Internet. Such laws would allow companies to consider a broader use of "meta-tagging," "beaconing" and "watermarking" tools to digitally mark any files containing proprietary data.