By Michael McNerney & Emilian Papadopoulos | 62 Am. U. L. Rev. 1243 (2012)
In October 2012, former Secretary of Defense Leon Panetta made headlines at a speech in New York when he warned of an impending “cyber Pearl Harbor.” He cautioned that the United States’ critical infrastructure, such as the electric grid, air traffic control system, and financial networks, are increasingly vulnerable to malicious hackers both at home and abroad. Since then, numerous senior government officials also echoed Panetta’s comments, and the Administration issued an executive order on improving the cybersecurity of critical infrastructure. The fact that the Administration would dedicate so much attention to cybersecurity shows how important this issue is to our nation’s security.
While the U.S. defense establishment gears up to defend the nation from this nightmare scenario, private industry is already locked in a struggle
with what is perhaps a more insidious threat: the persistent theft by cyber means of intellectual property and business secrets. Although this threat as an attack on critical infrastructure, it does promise to undermine America’s long-term competitiveness. At a time when the world economy remains fragile, this loss of competitiveness can negatively impact our ability to be productive and generate wealth and economic progress. While the exact scope of the problem is hard to discern, and indeed some people question whether the threat is as severe as experts say, evidence in reports by government and private organizations continues to mount that the cyberthreat to the economy is significant. Most recently, the Commission on the Theft of American Intellectual Property reported that intellectual property theft against the U.S. is costing the economy more than $300 billion per year, nearly equal to the country’s total exports to Asia.
In many respects, America remains the center of global technological innovation. The United States is home to many of the world’s best research universities and facilities, which helps fuel our high-tech innovation centers in places like Silicon Valley and Boston. Additionally, a great deal of global financial transactions occur in places like New York and Chicago, and the mid-west appears to be on the cusp of an energy boom. All of this is great news and bodes well for the future of the American economy. Unfortunately, it also provides a tempting target for criminal enterprises and nations who do not possess a robust, indigenous capacity for innovation. As such, it should come as little surprise that others will attempt to steal the United States’ intellectual property as a shortcut to their own prosperity. The growth of the Internet and the resulting interconnectedness of our networked world just make would-be thieves’ jobs a lot easier—“Recognizing this problem, the Administration in February 2013 issued its Strategy on Mitigating the Theft of U.S. Trade Secrets, though the strategy’s impact will be limited without significant regulatory or legislative support.”
Much like technology itself, the nature of cyberattacks is constantly evolving. Cyberattackers, or hackers, have focused a lot of attention on the fertile hunting ground that is financial institutions, energy companies, defense firms, and information technology companies. Yet, as awareness increases and cybersecurity improves in these industries, intruders have begun to look elsewhere. Increasingly, law firms are becoming ground zero for theft of intellectual property and business secrets. Attackers realize that law firms can house significant stores of sensitive information for their clients and that hacking a single firm can provide one stop shopping for a wide range of trade secrets and sensitive transactional data. This new dynamic poses significant challenges for attorneys and law firms as they begin to grapple with the implications for their professional responsibility and for their own brand protection and competitiveness.