U.S. efforts to enhance cybersecurity and to counter international theft of trade secrets.

• Author: Crook, John R.

In February 2013, the U.S. administration announced separate, but related, initiatives to combat cyberattacks on critical U.S. infrastructure and to stop the theft of trade secrets. (1) The actions reflect growing concern at what officials see as increasingly pervasive penetration of U.S. private and government institutions, notably by hackers based in China. (2) In mid-February, Mandiant, a U.S. cybersecurity firm, released a sixty-page study (3) alleging that a unit of China's Peoples Liberation Army based in Shanghai, designated as P.L.A. Unit 61398, was responsible for massive thefts of data and trade secrets from U.S. and other firms. The report's conclusions are reportedly consistent with those of other private and government investigators. (4) (China's defense ministry challenged the Mandiant study; an official spokesman insisted that that "Chinese military forces have never supported any hacking activities." (5))

Protecting Critical Infrastructure. In February 2013, President Barack Obama issued a multipart executive order that, inter alia, directs U.S. government agencies to increase and expedite the sharing of information about cyberthreats to U.S. operators of power grids, pipelines, and other critical infrastructure. (6) The order is fundamentally domestic in orientation, (7) but its introductory paragraphs indicate senior officials' concern at the threat to U.S. national security posed by cyber attacks.

Section 1. Policy. Repeated cyber intrusions into critical infrastructure demonstrate the need for improved cybersecurity. The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront. The national and economic security of the United States depends on the reliable functioning of the Nation's critical infrastructure in the face of such threats. It is the policy of the United States to enhance the security and resilience of the Nation's critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties. We can achieve these goals through a partnership with the owners and operators of critical infrastructure to improve cybersecurity information sharing and collaboratively develop and implement risk-based standards.

Sec. 2. Critical Infrastructure. As used in this order, the term critical infrastructure...