C
ybersecurity has become a pressing policy issue, and has drawn the atten-
tion of the national security community. Yet there is an emerging consensus
among experts that one of the largest policy problems faced in cyberspace
may be not a question of military threats in a new domain, but the massive exfiltra-
tion of competitive information from American companies. Economic espionage has
existed at least since the industrial revolution, but the scope of modern cyber-en-
abled competitive data theft may be unprecedented.
Much of the conversation surrounding the impact of cyber-enabled data theft has
focused on how much theft is occurring today and how much this theft costs our
economy today. Since data on the former (the level of theft) is extremely limited and
almost certainly incomplete, efforts to estimate the latter (the present cost of theft)
have suffered from both limited data and analytical approach, leading to widely
varying estimates. Our focus in this paper is instead on long-term consequences
of cybertheft for innovative sectors of activity that are at the core of US economic
success. We conceive of the problem as one of diminished growth, rather than
purloined assets. We explore the long-run implications of a world with no more (or
with selectively fewer) digital secrets, examining which sectors or industries will
be hurt the most or remain resilient, and which policies or technologies might be
priorities for limiting economic harm in the future.
We begin by developing a framework to unpack the concept of “cyber-enabled
competitive data theft” (CCDT), which comprises many different dynamic pathways.
The type of data stolen is important: even files typically seen as mundane, such as
email archives, could be of great value to an attacker. The right emails can reveal a
bidding strategy for a billion-dollar deal, for example. We also consider how different
Allan A. Friedman, PhD
is a fellow in Governance
Studies, and Research Director
of the Center for Technology
Innovation at the Brookings
Institution. His work focuses on
information technology policy,
with a particular expertise on the
economics of cybersecurity. He is
the co-author, with Peter Singer,
of Oxford Press's forthcoming
book Cybersecurity and Cyberwar:
What Everyone Needs to Know.
Austen Mack-Crane
is a research assistant in the
Center on Social Dynamics
and Policy at the Brookings
Institution. He has experience
designing and implementing
numerical and agent-based
models in areas such as public
health, natural resource
management, and game theory.
Ross A. Hammond, PhD
is a Senior Fellow in Economic
Studies at the Brookings
Institution, where he is Director
of the Center on Social Dynamics
and Policy. His primary area of
expertise is modeling complex
dynamics in economic, social,
and public health systems using
mathematical and computational
methods from complexity
science. His current research
topics include obesity etiology
and prevention, food systems,
tobacco control, behavioral
epidemiology, crime,
corruption, segregation,
and decision-making.
INTRODUCTION
Cyber-enabled Competitive Data Theft:
A Framework for Modeling Long-Run Cybersecurity Consequences
Allan A. Friedman, Austen Mack-Crane, and Ross A. Hammond
December 2013
