Defense industrial base wary of cybersecurity laws.

• Author: Magnuson, Stew

That hackers are intent on stealing U.S. trade secrets particularly those pertaining to the military--is a given.

That the United States is capable of responding to this threat remains to be seen.

President Barack Obama earlier this year released an executive order aimed at guarding critical infrastructure in private hands from cyber-espionage and attacks. It followed inaction on the part of the 112th Congress, which tried, but failed, to move any legislation that could assist companies that are trying to fend off sophisticated adversaries who are bent on infiltrating their networks.

[ILLUSTRATION OMITTED]

The executive order was "really just half a loaf," said Paul Martino, an attorney who co-leads the privacy and security practice at the Alston & Bird law firm in Washington, D.C., and a former cybersecurity adviser to Sen. John McCain, R-Ariz. Legislation will still be needed to allow the private sector to freely share information on threats, he added.

The key component of the Cyber Intelligence Sharing and Protection Act that failed in the 112th Congress, and the version reintroduced in the current session is, as the title suggests, information sharing, said Martino and other experts interviewed.

"The most important part of the bill is that it is trying to get the information sharing regime right, and trying to do it in a way that is going to be useful, [and] going to help identify threats and prevent attacks," Martino said.

[ILLUSTRATION OMITTED]

Much of the bill appears to be aimed at entities such as energy companies that control electric grids, but the defense industrial base is a part of the Department of Homeland Security's list of 18 critical infrastructure sectors. The responsibility for protecting the entities on the list of 18 is spread out among various federal departments and agencies. Naturally, the Defense Department is charged with overseeing the defense industrial base.

"With the possible exception of the electricity grid, there are no bigger targets than the defense industrial base," said former Ambassador David J. Smith, who now serves as the director of the Potomac Institute's Cyber Center. The institute is an Arlington, Va.-based think tank.

The widespread theft of intellectual property from U.S. defense firms by hackers in China and Russia are operations of strategic importance, Smith said.

"We are talking about nation states targeting the U.S. government and the holders of its intellectual property," he said. China...