Sunday, November 3, 2013

Cyber theft and the high cost of low prices.

The "IP Commission Report" on cyber theft was issued in May of this year.  Thank god that I just read it now, so I got myself five months of happy ignorance.

This report was prepared by a high level group of experts tasked to study the extent of cyber theft and develop policy recommendations. The commission is made out of very senior military and intelligence officers and members of Congress.  This is a well informed, highly credible, non partisan group. 

Their assessment of the situation is sobering.  Considering that Europe and Japan are also targeted, we are in the midst of the largest organized theft of intellectual property and know how in History. 


Here are the highlights:

-  The cost of IP theft to US companies is around $300 billion a YEAR. This is as much as what
    the US sells to Asia on an annual basis.
-   IP theft discourages innovation in the US and places companies at a cost disadvantage.
-   The US economy would have generated over 2 million more jobs locally.
-   China drives 70% of the problem, Russia, India and others are next in line.

The report recommends, among other things, that companies increase their level of network security. They warn that increased security will only dissuade one type of attacker, the "opportunistic hacker".  The report mentions another breed of evil geeks, the "targeted hacker". These are government funded teams that have the time and resources to penetrate ANY network. 

Can we hit them back? You would think that the answer is to make this behavior painful. US companies are, by law, unable to infiltrate and disrupt the operations of hackers on the other side. US cyber law is concerned about the potential damage to unrelated third parties caused by retaliatory activities. So at this moment, the US corporate world is at a clear disadvantage.  

Our legal framework is moving too slowly to effectively handle this new reality.  One of the issues is that the crime occurs in one country and the perpetrator is in another under a different set of laws. Government sponsored hacking is not a crime in China or in Russia.  Dealing with non democratic trading partners is tricky.   

Can we solve this problem using "polite means"?  

Adding tariffs to products from China, Russia and others, would only discourage their commercial theft activities, what happens when China targets military secrets?  We are now in a different place in our relationship with China and Russia. 

We need to figure out how to make this behavior so costly that it dissuades the perpetrators. Whether we like it or not, we got ourselves into a cyber war, just as nasty, but not as public as the ones in the past.    

1 comment: