TIME world affairs

Chertoff: We Need a Clear Doctrine of Deterrence to Cyber Attacks

Michael Chertoff was secretary of Homeland Security from 2005 to 2009. He is now executive chairman of The Chertoff Group, a global security and risk-management advisory firm.

And just as we did not abandon our aviation system after 9/11, we should defy demands that we curtail our free speech.

For years, cyber security specialists have reported on intensifying intrusions into the information networks of our major institutions, both public and private. Most of these have involved theft of personal information for financial gain or espionage aimed at stealing valuable intellectual property.

But occasionally we have seen more destructive attacks, aimed at “wiping” or destroying the networks and data themselves. In 2012, Saudi Aramco was a victim of a cyber attacks that destroyed thousands of machines, and in 2013 South Korean banks were also targeted for cyber damage.

The recent Sony attack is a disturbing new chapter in this escalation of cyber conflict, not least because of the reaction we have seen. North Korean sympathizers styling themselves “Guardians of Peace” have claimed credit for cyber intrusions that released substantial amounts of confidential Sony information and intellectual property and subsequently incapacitated Sony’s IT system. The group—thought by many to be directed by or at least complicit with the regime in North Korea—claim to be aggrieved because of a forthcoming Sony comedy that ridicules and ultimately portrays the assassination of North Korea’s dictator. The attack on Sony was followed in recent days by additional threats to cause “another 9/11″ at movie theaters that showed the film publicly.

Although Homeland Security Secretary Jeh Johnson affirmed that there is no credible evidence that this is a real risk, several movie chains cancelled showings and the release of the film has been suspended. Regardless of how empty this threat of retaliation really is, some of our theater companies have handed the North Korean regime and terrorists generally a major victory by effectively conceding a terrorist’s veto over our First Amendment.

Terrorist threats of physical or on-line violence to suppress free speech are not new. After a Danish newspaper published a cartoon deemed by some unflattering to Mohammed, some violent Islamist extremists plotted bombings in Denmark. Years ago, the Iranian regime levied a “death sentence” against author Salman Rushdie for his book Satanic Verses, which Ayatollah Khomeini deemed blasphemy. Some publishers were sufficiently intimidated that they self-censored cartoons or writings which might offend violent radicals.

But the wholesale cancellation of film showings in direct response to terrorist bluster is a profile in timidity. Moreover, as is the case when we pay ransom to kidnappers, a craven response to threats simply encourages more threats. Do we really want to hand the censor’s pen to North Korea or to ISIS? Is it really good business if media companies begin to reject books or film ideas because someone might be offended to the point of violence?

What is to be done? First, inasmuch as critical infrastructure companies are treated as national priorities for cyber security, our government needs to afford media companies the same sort of help. Second, as our citizens become the victims of actual destructive attacks by nation states or their proxies, we need a clear doctrine of deterrence and response by the U.S. government. Finally, just as we did not abandon our aviation system after 9/11, we should defy demands that we curtail our free speech. The filmmakers ought to make this new film available as widely as possible as soon as possible.

Michael Chertoff was secretary of Homeland Security from 2005 to 2009. He is now executive chairman of The Chertoff Group, a global security and risk-management advisory firm.

TIME Ideas hosts the world's leading voices, providing commentary and expertise on the most compelling events in news, society, and culture. We welcome outside contributions. To submit a piece, email ideas@time.com.

TIME foreign affairs

Michael Chertoff: China’s Strategic Campaign To Steal Western Commercial Secrets

The indictment lays down an important marker that strategic intellectual property theft will be treated as a serious breach.

This week’s indictment of five members of Chinese People’s Liberation Army “Unit 61398″ shines a spotlight on China’s strategic and systematic campaign to steal Western commercial secrets in order to unfairly advantage Chinese state owned or favored enterprises.

For years, many of us inside and outside government have warned that China was using espionage to obtain American intellectual property and confidential business plans for the benefit of Chinese companies. Recent US government reports have identified China as a profligate source of cyber intrusions into Western commercial networks. A private report by Mandiant released in 2013 pointed at the same Chinese Army unit as targeting over 140 companies across a wide variety of corporate systems, including those of technology companies and even media outlets. Last year, President Obama raised the intellectual property theft issue with President Xi at their summit in California.

But this is the first time criminal charges have been brought against specific Chinese military personnel for commercial cyber espionage. Of course, it is not plausible that these individuals will be extradited to the US to see the inside of a courtroom. Nevertheless, the indictment is a milestone for several reasons.

First, these charges set an important precedent that state sponsored intellectual property theft is not immune from prosecution. Indeed, taking the logic of this prosecution further, we may one day see prosecution of companies that induce and benefit from this cyber espionage under a theory of conspiracy. Such prosecutions would operate as an economic deterrent and would pave the way for ancillary civil lawsuits to recover damages.

Second, the lengthy indictment spells out in detail the kinds of commercially valuable data that was stolen and — somewhat unusually — identifies the victims, which include iconic American companies. What emerges is the portrait of a Chinese military unit assisting state owned enterprises by mounting a strategic campaign to target particular business processes, negotiating plans, and sensitive pricing and marketing information of their Western competitors. This puts real meat on the bones of what are usually just general warnings about cyber espionage. And it is striking to observe the sheer breadth of data that was taken, including very particular product specifications and business strategies. The result included giving Chinese companies an illicit look at their American counterparts’ negotiating tactics, as well as at attorney-client privileged communications in a trade dispute.

Third, the detailed nature of the charging document serves as a not too subtle warning that US investigators are quite capable of assembling a detailed picture of Chinese state backed cyber hacking operations. While that will not prevent all future such espionage efforts, it may cause foreign authorities to be more hesitant to engage in massive intellectual property theft.

Why does this all matter? Of course all nations engage in intelligence collection and espionage for national security purposes, and we have an intelligence community that does the same. But in the field of commercial competition we expect a level and fair playing field. When a nation state harnesses its intelligence capabilities to give its state-favored enterprises the advantage in negotiating or in bringing technology to market, the global trading system is skewed. Cyber espionage in the service of commercial companies allows those companies to harvest the benefit of others’ research and development without making any investment of their own. If state owned companies can secretly see their competitors’ production data, pricing calculations, and business strategies, those state enterprises can underprice or block the competition.

This week’s indictment lays down an important marker that strategic intellectual property theft will be treated as a serious breach of the rule of law and as a threat to the global economic and trade system.

Michael Chertoff was secretary of the Department of Homeland Security from 2005 to 2009. He co-founded and is chairman of the Chertoff Group, a global security and risk management advisory firm, and is senior of counsel at Covington & Burling LLP.

Your browser, Internet Explorer 8 or below, is out of date. It has known security flaws and may not display all features of this and other websites.

Learn how to update your browser