Cyber security: In the past year, it has become the subject of anxious talk in boardrooms, alarming congressional testimony, heated editorials and diplomatic wrangling.
A new report from the Center for Technology Innovation at Brookings, “Cyber Theft of Competitive Data: Asking the Right Questions,” urges careful definition of the problem—now central to the U.S. cyber agenda and to U.S.-China diplomatic discussions—in order to forge policies and solutions.
“From a policy perspective, a better understanding of the problem will help promote the urgency of a response from Congress and the White House,” writes author Allan A. Friedman, a fellow in Governance Studies and research director for the Center for Technology Innovation at Brookings. “At the same time, it will help tamp down some of the aggressive rhetoric that has surrounded the issue.”
Friedman is laser-focused on theft of “competitive data” — the type of proprietary information that commercial entities have that allows them an edge in the market. This includes things like customer lists, pricing and market strategy — but excludes other forms of intellectual property that are covered by patents, trademarks and copyright.
He also excludes “strategic data” held by a state, and avoids the term “economic espionage,” because it is politically charged.
“The use of ‘espionage’ is itself legal, and there are few countries in the world that don’t practice it,” says Friedman. “…Strategic data might serve as the target for more legitimate intelligence activities.”
That said, Friedman argues that cyber intrusions that steal competitive data can have significant impact across industries—in the form of lost customers and sales, disruption of strategic plans or a loss of intrinsic value to the product.
The paper focuses on three types of intervention to avert the harms of data theft — starting with proactive efforts by companies. First, it looks at the use of security technology and which industries can benefit most cost effectively. Second, it explores ways that companies can adapt—a la Xerox—to the changing market where confidentiality is declining and cheaper products are emerging.
Finally, the author says, the goal is to explore how legal and diplomatic protection of property rights may—or may not—improve the situation.
“If we do not understand the nature and mechanics of the threat, then sizeable technical investments and elaborate diplomatic negotiations may fail to actually address the problem,” says Freidman.
CREATe.org IP Protection Tools and Resources