
Administration Bolsters Plans to Counter Cyber Spies


The intelligence community, as part of a new interagency effort to counter cyberspying, will consider feeding questions to U.S. attorneys for suspects to aid espionage investigations, federal officials said on Wednesday.

Officials announced the "Administration Strategy on Mitigating the Theft of U.S. Trade Secrets" the day after Mandiant, a highly regarded computer forensics firm, released data linking the Chinese army to a massive cyberespionage operation against American companies. In unveiling the plan, the attorney general and a State Department undersecretary mentioned crimes perpetrated by Chinese hackers, but did not focus on that specific threat.

Counterintelligence officers "are considering an expansion of collaboration" where they could "introduce questions for attorneys to pose to offenders during the investigation process," according to the strategy.

Another tactic could be examining ways to tie plea bargains and sentencing decisions to suspects' willingness to cooperate with counterintelligence officers during damage assessments, the plan adds. 

Frank Montoya, national counterintelligence executive for the Office of the Director of National Intelligence, said the intelligence community's role is to identify, in instances when there is a foreign nexus, the nations that "are taking advantage of us from a trade secrets perspective." Montoya's office in 2011 made the first U.S. government accusation naming "Chinese actors" as the "world's most active and persistent perpetrators of economic espionage."

Beyond coordinating more inside the government, DNI also must cooperate better with corporate targets, Montoya added. 

"The key element of this effort is working together," he said. "It is important that we are able to take the information that we have and share it with those that are most affected." He did not specify what types of intelligence DNI will be willing to share.

The strategy, however, raises concerns about past public-private efforts to understand the data theft problem and alert companies to the risks. 

"Despite stringent reporting requirements" for cleared defense contractors, the Defense Security Service "reports that only 10 percent of [contractors] actually provide any sort of reporting in a given year," the plan states. 

Corporate security officers have told the government that reporting is too cumbersome and often redundant, with Defense and the FBI seeking the same data but in different formats, according to the report. 

The defense industrial base, an estimated $400 billion sector, has at its fingertips a mounting supply of government information and intellectual property stored on unclassified computers, the strategy notes. 

Apparently, Obama administration leaders, guided by U.S. IP Enforcement Coordinator Victoria Espinel, had been drafting the plan for months ahead of yesterday’s China hacking report, and did not cite the Mandiant study.

The 76-page Mandiant paper accuses the People's Liberation Army of persistent computer intrusions to snatch U.S. government and industrial secrets. Mandiant's findings mark the first time cyber researchers have published evidence tracing breaches to a Chinese military unit. The revelations were first reported by The New York Times on Monday.

During Wednesday's announcement, Assistant Attorney General Lanny Breuer made first mention of the research during a discussion with business executives. He quoted from a line in the paper that stated, "Since 2006, Mandiant has observed [the alleged PLA wing] compromise 141 companies spanning 20 major industries."

Some technology executives on Wednesday said pegging responsibility for IP theft on specific entities might not be the best initial countermeasure. "I would like to see my industry first understand why are these attacks happening and why did they succeed" in order to minimize the damage, Jack Danahy, IBM director of North American security consulting, said during an interview. 

