Executive Summary: Executive Summary: Combating Foreign Combating Foreign Commercial Cyber Commercial Cyber

EspionageEspionageEvan Morris

George Mason UniversityNovember 20, 2013

OverviewOverview

•U.S. legislation combating espionage of commercial secrets•US Legislation mandating cyber security measures•Issues •Policy implementation•Q&A

Domestic Laws with Extraterritoriality

Economic Espionage Act of 1997

Private Right of Action Against Theft of Trade Secrets Act of 2013 (current)

International agreements against commercial espionage

TRIPS

cece

U.S. legislation mandating cyber-security programs

There are no blanket regulations that mandate the private sector from implementing cyber security programs

Cyber Security Act of 2013

FISMA 2002 (Most recently amended 2010)

IssuesIssues

•Inefficacy of FISMA: Process-oriented vs. Result-oriented (accountability failure)

•Static nature of regulatory law vs. the rapidly changing landscape of Cybersecuirty

•Policies which mandate Cybersecuirty reforms within the private sector

RecommendationRecommendation Revise the FISMA and

Cyber Security Acts

Monitor and penalize compliance failure

Allow for quickly adopting requirements within both laws without Congressional approval

Give the reins to a private contractor

Universal software requirements for all private companies

Information sharing between government and industry

Q&AQ&A