Administration Bolsters Plans to Counter Cyber Spys


New strategy expands collaboration among agencies and with the private sector.

The intelligence community, as part of a new interagency effort to counter cyberspying, will consider feeding questions to U.S. attorneys for suspects to aid espionage investigations, federal officials said on Wednesday.

Officials announced the "Administration Strategy on Mitigating the Theft of U.S. Trade Secrets" the day after Mandiant, a highly-regarded computer forensics firm, released data linking the Chinese army to a massive cyberespionage operation against American companies. In unveiling the plan, the attorney general and a State Department undersecretary mentioned crimes perpetrated by Chinese hackers, but did not focus on that specific threat.

Counterintelligence officers "are considering an expansion of collaboration" where they could “introduce questions for attorneys to pose to offenders during the investigation process,” according to the strategy.

Another tactic could be examining ways to tie plea bargains and sentencing decisions to suspects' willingness to cooperate with counterintelligence officers during damage assessments, the plan adds. 

Frank Montoya, national counterintelligence executive for the Office of the Director of National Intelligence, said the intelligence community's role is to identify in instances when there is a foreign nexus, the nations that "are taking advantage of us from a trade secrets perspective.” Montoya's office in 2011 made the first U.S. government accusation naming "Chinese actors" as the "world’s most active and persistent perpetrators of economic espionage."

Beyond coordinating more inside the government, DNI also must cooperate better with corporate targets, Montoya added. 

"The key element of this effort is working together," he said. "It is important that we are able to take the information that we have and share it with those that are most affected." He did not specify what types of intelligence DNI will be willing to share.

The strategy, however, raises concerns about past public-private efforts to understand the data theft problem and alert companies to the risks. 

"Despite stringent reporting requirements" for cleared defense contractors, the Defense Security Service "reports that only 10 percent of [contractors] actually provide any sort of reporting in a given year," the plan states. 

Corporate security officers have told the government that reporting is too cumbersome and often redundant, with Defense and the FBI seeking the same data but in different formats, according to the report. 

The defense industrial base, an estimated $400 billion sector, has at its fingertips a mounting supply of government information and intellectual property stored on unclassified computers, the strategy notes. 

Apparently, Obama administration leaders, guided by U.S. IP Enforcement Coordinator Victoria Espinel, had been drafting the plan for months ahead of yesterday’s China hacking report, and did not cite the Mandiant study.

The 76-page paper accuses the People's Liberation Army of persistent computer intrusions to snatch U.S. government and industrial secrets. Mandiant's findings mark the first time cyber researchers have published evidence tracing breaches to a Chinese military unit.  The revelations were first reported by The New York Times on Monday. 

During Wednesday's announcement, Assistant Attorney General Lanny Breuer made first mention of the research during a discussion with business executives. He quoted from a line in the paper that stated, "Since 2006, Mandiant has observed [the alleged PLA wing] compromise 141 companies spanning 20 major industries."

Some technology executives on Wednesday said pegging responsibility for IP theft on specific entities might not be the best initial countermeasure. "I would like to see my industry first understand why are these attacks happening and why did they succeed" in order to minimize the damage, Jack Danahy, IBM director of North American security consulting, said during an interview.