Chinese hacking continues to build anger in American business and government circles. As a result, private companies may be encouraged to do more than passively defend their networks as evidenced by the recent report of a commission headed by two Obama appointees, former US Ambassador to China (and minor GOP Presidential candidate) Jon Huntsman and former Director of National Intelligence Dennis Blair. The report apparently lists Chinese hacking as a major threat to intellectual property (it’s due out later today). And, according to early press reports, the commission calls for an expansion of private companies’ authority to track their stolen data back to the attacker’s network:
“The commission argued that American companies “ought to be able to retrieve their electronic files or prevent the exploitation of their stolen information” by designing their computer files to self-destruct if they fall into the wrong hands. But the authors of the report also say that if the damage “continues at current levels,” the government should consider allowing American companies to counterattack — essentially taking cyberwar private.
“If counterattacks against hackers were legal, there are many techniques that companies could employ that would cause severe damage to the capability” of the Chinese or other groups committing computerized theft, the report said. But it added a qualifier: “while properly empowered law enforcement authorities are mobilized.” Many in the administration have opposed such ideas, fearing that they could lead to a cycle of escalation between the United States and other nations that could easily spin out of control.”
The commission also adopts another view first popularized here: that attribution of attacks should be followed by retribution, and it comes up with at least one clever bit of retribution that I’d missed: restrictions on access to US stock exchanges:
“The new report does propose specific remedies. One is to mandate that foreign companies that want to be listed on stock exchanges in the United States first pass a review by the Securities and Exchange Commission about whether they use stolen intellectual property. “They all want their shares to be traded here, so this would impose a real cost,” Mr. Blair said. Similarly, whether companies protect intellectual property would be considered by the Committee on Foreign Investment in the United States, which judges whether an investment in the United States could pose a security risk. Currently it looks only at national security implications of investments; this would add a new criterion.”