The United States needs a new strategy to counter the large-scale theft of American intellectual property (IP) by competitor nation-states and their proxies. While industrial espionage has been an ongoing challenge for US companies, foreign governments are complementing their existing methods with a new tool. The use of cyberattacks to steal intellectual property has added a new dimension to this challenge. In addition, the US government and the private sector face increasing demands to develop a more comprehensive defense. Cybertheft represents a serious threat to America's economic stability. It has cost the US economy billions of dollars and has resulted in the loss of millions of jobs, according to various government and private-sector estimates.
The US government and private sector have invested billions of dollars in cybersecurity and have taken steps to respond to this problem, but more needs to be done. The government has also undertaken high-profile law-enforcement and diplomatic efforts, aimed at preventing cyberespionage for economic purposes. Unfortunately, the evidence demonstrates that none of these steps have adequately curtailed this activity. Counterespionage officials and private-sector experts claim that state-sponsored theft, directly or through proxies, continues at an alarming rate. Eliminating cybercrime entirely may be neither cost effective nor a realistic objective, but thecurrent level of illicit activity is compromising US national and economic security to a degree that far exceeds the bounds of what might be deemed manageable without damage to America’s broader strategic interests.
The frustration of American business leaders continues to grow as nation-state actors and their associates victimize US companies, which are left without adequate recourse against the perpetrators or support from the US government to reduce the number of incidents in the first place. Consequently, many leaders in the public and private sectors have begun calling for more aggressive self-help measures for these kinds of cyberattacks, including authorizing the private sector to defend itself through retaliatory hacking and other more forward-leaning methods (also known as active defense or counterhacking).
Despite recent calls for more forceful action and the urgent need to impose greater costs on our adversaries, authorizing counterhacking by the private sector raises significant legal and practical difficulties that require great caution. The US government has better tools at its disposal, tools that target the economic and commercial interests that motivate much cybertheft of American IP. Fortunately, the United States can make significant progress by beginning to exercise powers it has already established and by adapting existing tools developed to curtail other activities that threaten the economic order. However, using these tools effectively will require continued focus on strengthening collaboration and information sharing between private industry and US law enforcement and intelligence.