ATTORNEYS 1, U.S. CYBERSECURITY 0

As cybercrime and cyber breaches become a larger and larger concern, the Wall Street Journal on April 1 reported that the Securities and Exchange Commission is pressing companies "to be more forthcoming about attacks on their computer networks."  

With class-action suits and plaintiffs' attorneys jumping on such data breaches and seeking damages, companies are increasingly turning to law firms with specialized practices in security-incident defenses in order to use the client-attorney privilege to maintain their internal investigations private.

The article goes on to say that major law firms across the country have increased their recruiting of prosecutors with cybercrime experience.  The Journal states that the income potential of such cybersecurity practices offers major upside potential as attacks escalate.

Once again, as the need for companies to share information is greater than ever, the attorneys counsel the information should be kept private.  The attorneys win again.

ARE WE IN A CYBER WAR WITH CHINA?

Hardly a day goes by without media coverage or editorial reporting discussing China’s barrage of intrusions into U.S. private, public and government computer networks.  Some would argue that, because there is no damage of operations or loss of life that as a result of these intrusions we are merely on the receiving end of spying via the Internet which in itself is not an act of war.

Cyberwar as defined by Cyber Warfare Today, maintains that theft of military secrets and prying into U.S. military databases and communications systems is nothing short of “prepping the battlefield” for possible future action against the U.S. when and if necessary, and is thus an act of war.  This is nothing more than application of one of the tenants of Sun Zsu’s Chinese bible on warfare “The Art of War.”

The other type intrusions from Chinese sources – The New York Times, Bloomberg, Google, and many more – are looking for information or in some cases taking proprietary information, and are not acts of war.  Theft, but not acts of war. 

What should we do?  The answer is simple – not easy, mind you, but simple: apply the teenager stealing Mom’s prescriptions solution:  you make the drugs inaccessible and take appropriate disciplinary action.  The United States has jawboned China to death over these intrusions and theft of property but has neither (1) taken effective steps to reduce or remove accessibility of data or (2) taken remedial action against the Chinese.  In this case remedial action means dialing up our country’s cyber intrusions against China one notch, then two or three until we have the other side’s attention.  As far as accessibility, our lack of coherent defensive strategies has left our gates wide open.  But that is a topic for another posting.