Feature

Cybersecurity and Cybercrime: Intellectual Property and Innovation

Emile Loza de Siles

©2015. Published in Landslide, Vol. 8, No. 2, November/December 2015, by the American Bar Association. Reproduced with permission. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association or the copyright holder.

Cybersecurity and the industry, innovation, and issues it generates are profoundly transformative and intensely critical at every level and in many or most social, corporate, and government functions.1 Cybersecurity legal issues cover a vast range: cyber warfare;2 national security;3 critical infrastructure defense;4 Internet access and freedom;5 data privacy and security;6 trusted software development and deployment;7 law firms’ protection of patent application, bank, and other confidential information;8 “hacking back” and other active cyber defense measures;9 information sharing by cyberattacked organizations;10 and more. This brief article begins the learning trek up that Matterhorn and outlines the relevance of cybersecurity and cybercrime to intellectual property and innovation.11

The Staggering Numbers

The global cybersecurity market for solutions and services will exceed $170 billion by 2020.12 The driver for that growth is cybercrime, the global financial impact of which is an estimated $375 billion to $575 billion every year.13 A 2014 global survey of some 9,700 executives found that cyberattacks rocketed up by 48 percent within a single year.14 By 2019, the costs of cybercrime to businesses will top $2 trillion worldwide,15 up from an estimated $1 trillion in 2012.16 Cybercrime-produced employment losses in the United States alone run more than 500,000 jobs.17 Beyond direct impacts and job losses, cybercrime also exposes companies to contract breach and other litigation risks.18 Reflecting this risk exposure and other trends,19 a 2014 PricewaterhouseCoopers survey sponsored by the U.S. Secret Service and others (Secret Service Survey) found that as much as 75 percent of corporate cybercrime in the United States may go unreported.20

These stunning statistics pale in comparison, however, to the inestimable value of cyber-compromised or -stolen intellectual property each year.21 Then-National Security Agency director and commander of the United States Cyber Command, General Keith B. Alexander said that cyber threats represent the “greatest transfer of wealth in history.”22 When he made this 2012 statement, cyber theft of intellectual property cost United States companies alone an estimated $360 billion per year.23 Cyber theft of intellectual property has become even more costly and destructive as criminal conduct has become more virulent and sophisticated. The threat curve has gone logarithmic. In 2015, executives in a global survey reported that cyber thefts of intellectual property have vaulted 19 percent over the prior year.24 Cybercrime undermines or even decimates innovation, innovator sustainability, and innovation-driven economic growth.25

In 2014, the Secret Service Survey revealed that 19 percent of the detected cyberattacks on the government industry sector compromised or resulted in the theft of intellectual property and other proprietary information.26 Another 24 percent of detected cyberattacks within this industry resulted in unauthorized access or use of data, networks, and systems.27 In the information technology and telecommunications industry, 31 percent of detected cyberattacks altered software applications, operating systems, or files, and 19 percent resulted in unauthorized access or use of data, networks, and systems.28 Losses of trade secrets and other proprietary information by detected cyberattacks are high across numerous industries, ranging from 19 to 23 percent of cyberattacks upon the financial, healthcare, and insurance industries.29

Undetected cyberattacks are even more concerning. As of 2012, 99 percent of cyberattacks were undetected.30 Among the tiny 1 percent of cyberattacks that were detected, detection may have occurred only after long periods of intrusion. For example, APT1, a cyberespionage unit tied to the Chinese government, maintained undetected access to its victims’ networks for an average of almost one year (356 days) and up to almost five years (1,764 days) before being outed.31

Black Hat Hackers

Insiders, competitors, nation states, organized crime syndicates, terrorists, and often unidentifiable others carry out or sponsor cyberattacks.32 Twenty-eight percent of Secret Service Survey respondents said that trusted insiders carried out cyberattacks against them.33 Forty-three percent of insider cyberattacks adversely impacted intellectual property rights.34 Given this intellectual property targeting, almost one-third (32 percent) of respondents said that insider cyberattacks were more damaging than outsider attacks.35 Insider attacks, however, are often kept out of the media, law enforcement reporting mechanisms, and the courts,36 despite the availability of potentially powerful relief under the federal Racketeer Influenced and Corrupt Organizations Act,37 the Computer Fraud and Abuse Act,38 and other laws.

State-sponsored cybercrime is also a significant and highly publicized threat. Companies increasingly find themselves on the front lines of the guerilla war in cyberspace.39 State-sponsored cyberattacks frequently target critical infrastructure and defense industries.40 A collective 38 percent of such attacks target the technology, telecommunications, energy, and aerospace and defense industries.41 The United States government charged five Chinese military operatives in May 2014 with hacking into the networks of U.S. manufacturers of nuclear reactors, solar panels, and other technologies.42 Executives surveyed in a 2015 global survey reported an 86 percent increase in state-sponsored cyberattacks on their organizations.43 Competitors are increasingly linked with nation states as the perpetrators or sponsors of cyberattacks in Asia Pacific and especially in China, as reported by nearly half (47 percent) of the surveyed executives there.44

Black Hat Innovation

Black hat innovation in cybercrime is booming. Threat actors, including malicious software authors and the cybercriminals that deploy that malware, are innovating so rapidly that 2015 is on target to be a record year.45 For example, Angler and other exploit kits draft closely behind Adobe Flash Player patch releases, exploiting more than 100 vulnerabilities within those patches this year alone and within mere days of those releases.46 Java exploitations follow a similar pattern, and software developers and security teams and vendors struggle to stay ahead.47

Open source–based applications, like Linux, were once believed to be more secure than proprietary counterparts.48 Heartbleed and Shellshock, the world’s biggest cyber exploits to date, put the lie to such beliefs in 2014.49 Some 500,000 highly trusted websites’ servers, including that hosting the U.S. Federal Bureau of Investigation’s website, were vulnerable to Heartbleed.50 Shellshock trumped that with millions of vulnerable devices.51

Ransomware now encrypts victims’ hijacked data, with attacks continuing to grow worldwide and expanding to mobile devices in 2014.52 Also in 2014, Energetic Bear, a hacker group tied to the Russian Federation, launched a new malware weapon, Havex, to break into, infect, and then transfer confidential information out of energy sector and other industrial control systems (ICS) in at least 23 countries.53 The sophistication and high degree of effectiveness of Havex and other ICS-capable malware modules, such as BlackEnergy II, represent significant monetary and time investments by cybercriminals.54

Cybercriminals also are professionalizing their teams to maximize profitability and to innovate their attack and obfuscation tactics.55 In “domain shadowing,” for example, threat actors compromise a domain name registration account, create subdomains thereunder, and then host transient websites for those subdomains at rapidly changing IP addresses.56 Domain shadowing, coupled with the encryption of the malware payloads injected into users’ systems upon visits to these transient sites, allows threat actors to delay or escape altogether detection by antivirus engines.57 Ransomware attacks extract payment from corporate and individual victims using difficult-to-track cryptocurrency at a price point sufficiently low as to often go unreported.58
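The domain-shadowing pattern described above (an established domain that suddenly sprouts short-lived subdomains at unfamiliar, fast-changing IP addresses) can be looked for in passive DNS data. The sketch below is an added example, not part of the original article or of the Cisco report it cites; the record format, the thresholds, and every name and address in the sample data are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed passive-DNS observations: (time seen, queried name, answer IP).
# Names use the reserved ".example" TLD; IPs are documentation ranges.
SAMPLE_RECORDS = [
    # Baseline period: normal hosts of two established domains.
    ("2015-06-01T08:00", "www.shop.example", "192.0.2.10"),
    ("2015-06-01T08:05", "mail.shop.example", "192.0.2.11"),
    ("2015-06-02T09:00", "www.blog.example", "192.0.2.50"),
    # Observation period: shop.example grows throwaway subdomains.
    ("2015-06-20T10:00", "www.shop.example", "192.0.2.10"),
    ("2015-06-20T10:02", "a9x2.shop.example", "198.51.100.7"),
    ("2015-06-20T10:40", "a9x2.shop.example", "203.0.113.44"),
    ("2015-06-20T11:15", "k3q8.shop.example", "198.51.100.90"),
    ("2015-06-20T12:30", "zz71.shop.example", "203.0.113.5"),
    ("2015-06-20T13:05", "p0d4.shop.example", "198.51.100.23"),
    # Control: blog.example adds ordinary, stable hosts.
    ("2015-06-16T09:00", "status.blog.example", "192.0.2.50"),
    ("2015-06-16T09:00", "cdn.blog.example", "198.51.100.200"),
    ("2015-06-25T09:00", "cdn.blog.example", "198.51.100.200"),
    # Control: a brand-new domain with no history is not "shadowing".
    ("2015-06-21T07:00", "a.newsite.example", "203.0.113.77"),
    ("2015-06-21T07:10", "b.newsite.example", "203.0.113.78"),
    ("2015-06-21T07:20", "c.newsite.example", "203.0.113.79"),
]


def registered_domain(name):
    """Return the last two labels of a hostname.

    Assumption for this example only: production code should consult the
    Public Suffix List so that names under e.g. co.uk are handled correctly.
    """
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def find_shadowing(records, baseline_end, min_new_hosts=3, min_new_ips=3,
                   max_lifetime=timedelta(hours=6)):
    """Flag established domains whose new subdomains look like shadowing.

    A subdomain counts as suspicious when it was never seen before
    baseline_end, was active for no longer than max_lifetime, and resolved
    only to IPs the domain did not use during the baseline period.
    """
    baseline_hosts = defaultdict(set)
    baseline_ips = defaultdict(set)
    sightings = defaultdict(lambda: defaultdict(list))  # domain -> host -> [(ts, ip)]

    for ts_text, name, ip in records:
        ts = datetime.fromisoformat(ts_text)
        host = name.lower().rstrip(".")
        domain = registered_domain(host)
        if ts < baseline_end:
            baseline_hosts[domain].add(host)
            baseline_ips[domain].add(ip)
        else:
            sightings[domain][host].append((ts, ip))

    findings = {}
    for domain, hosts in sightings.items():
        if domain not in baseline_hosts:
            continue  # shadowing abuses a domain that already has a history
        suspicious, new_ips = [], set()
        for host, seen in hosts.items():
            if host in baseline_hosts[domain]:
                continue
            times = [ts for ts, _ in seen]
            ips = {ip for _, ip in seen}
            short_lived = max(times) - min(times) <= max_lifetime
            if short_lived and ips.isdisjoint(baseline_ips[domain]):
                suspicious.append(host)
                new_ips |= ips
        if len(suspicious) >= min_new_hosts and len(new_ips) >= min_new_ips:
            findings[domain] = {"hosts": sorted(suspicious), "ips": sorted(new_ips)}
    return findings


if __name__ == "__main__":
    for domain, detail in find_shadowing(SAMPLE_RECORDS, datetime(2015, 6, 15)).items():
        print(domain, detail["hosts"], detail["ips"])
```

A hit from a heuristic like this is a lead for the domain owner to review registrar account activity, not proof of compromise; the thresholds need tuning against each environment's normal DNS churn.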

White Hat Innovation

White hat cybersecurity innovation is also roiling, as is the funding push for that innovation.59 Worldwide, an estimated $22 billion changed hands in cybersecurity mergers and acquisitions during 2008 through the first half of 2011,60 with Intel’s $7.7 billion acquisition of McAfee accounting for about a third of that value.61

The boom continues. FireEye Inc. raised $304 million in its initial public offering in September 2013,62 and then four months later paid more than $1 billion in cash and stock to acquire Mandiant, a cyberattack response and intelligence firm.63 In October 2013, Cisco Systems Inc. paid some $2.7 billion for Sourcefire Inc., whose antihacking technology is deployed extensively by the U.S. government.64 In January 2014, Palo Alto Networks Inc. acquired two-year-old Morta Security,65 and two months later purchased startup Cyvera and its endpoint security technology for about $200 million.66 In June 2014, Cisco acquired ThreatGRID Inc. and its advanced malware analysis and intelligence technology.67 In April 2015, Raytheon contributed about $1.9 billion for an 80.3 percent stake in Websense and its cybersecurity platform technology.68 In May 2015, Palo Alto Networks announced plans to acquire CirroSecure to boost its software-as-a-service (SaaS) security offerings,69 and Fortinet paid $44 million for Meru Networks to tap into the enterprise secure wireless market.70 In June 2015, Cisco went public with its $635 million plan to acquire OpenDNS Inc., a private cloud security company.71 In July 2015, CrowdStrike, which fields a next-generation endpoint protection platform using a SaaS model, closed a $100 million Series C round of financing led by Google Capital.72 The investments go on and on, and white hat innovation should accelerate even more quickly as the industry grows and then consolidates.73

The U.S. Patent and Trademark Office (USPTO) also inaugurated a cybersecurity innovation initiative, holding its first cybersecurity partnership meeting in Silicon Valley in November 2014.74 The initiative’s launch was important in view of the U.S. Supreme Court’s recent decision in Alice Corp. Pty. Ltd. v. CLS Bank International,75 which some commentators have argued has significantly truncated software patentability in some areas.76

Alice and the need for more covert intellectual property strategies in the cybersecurity industry sharpen the debate on patent versus trade secret protection. Some recommend a combined patent and trade secret approach as the most robust strategy.77 However, a quick search of U.S. patents and published U.S. patent applications suggests that cybersecurity portfolios may be trending more toward trade secrets.78 But as trade secrets comprise an increasing proportion of these portfolios, insider cyberattacks targeting those secrets certainly may increase.

Toward Global Cyber Governance

Cybercrime is spurring policy79 and legal80 developments, including international developments. In April 2015, the Global Conference on CyberSpace convened at The Hague with cybersecurity and its multiple facets comprising one of the conference’s three major themes.81 Among those facets are needs for greater private-public cooperation and for improved international legal regimes to combat cybercrime. The Organization of American States (OAS) reiterates the urgency and importance of greater public-private engagement to cybersecurity.82 Technology industry leaders and scholars likewise call for a global cyber governance framework.83

Conclusion

Intellectual property and other proprietary information are the crown jewels of most organizations and high-value targets for cybercriminals of all stripes.84 Cybersecurity is unendingly transforming the world, business, and legal practice. It is imperative that intellectual property and indeed all practitioners develop competency85 on the topic or, at least, the ability to spot cybersecurity issues and a network of knowledgeable colleagues with whom to consult.

Endnotes

1. See, e.g., Press Release, The White House, Fact Sheet: Administration Cybersecurity Efforts 2015 (July 9, 2015), https://www.whitehouse.gov/the-press-office/2015/07/09/fact-sheet-administration-cybersecurity-efforts-2015.

2. See, e.g., Johann-Christoph Woltag, Cyber Warfare: Military Cross-Border Computer Network Operations under International Law (2014).

3. See, e.g., The U.S. Coast Guard Cyber Strategy: A Conversation with Admiral Paul F. Zukunft, Center for Strategic and Int’l Stud. (June 24, 2015), http://csis.org/multimedia/podcast-us-coast-guard-cyber-strategy-conversation-admiral-paul-f-zukunft.

4. See Improving Critical Infrastructure Cybersecurity, Exec. Order No. 13,636, 78 Fed. Reg. 11,739 (Feb. 19, 2013).

5. See, e.g., The Estonia Model: Why a Free and Secure Internet Matters, Woodrow Wilson Int’l Center for Scholars (Apr. 21, 2015), http://www.wilsoncenter.org/event/the-estonia-model-why-free-and-secure-internet-matters.

6. See, e.g., Ellen Nakashima, Security Firm Finds Link between China and Anthem Hack, Wash. Post, Feb. 27, 2015, https://www.washingtonpost.com/blogs/the-switch/wp/2015/02/27/security-firm-finds-link-between-china-and-anthem-hack/.

7. See, e.g., Complaint ¶¶ 7–10, Lookout Servs., Inc., FTC Dkt. No. C-4326 (June 15, 2011), https://www.ftc.gov/sites/default/files/documents/cases/2011/06/110615lookoutcmpt.pdf (alleging Federal Trade Commission Act, 15 U.S.C. § 45(a), violations where defendant failed to assess and address widely known vulnerabilities of its web application, permitting repeated access to personal data of some 37,000 consumers for at least three years); Cisco Sys. Inc., Cisco 2015 Midyear Security Report 3, 20–22, figs.15 & 32 (2015), http://pages.sourcefire.com/K006jYC06Dbr0N5oR0m40J0 [hereinafter Cisco Report]; Andy Greenberg, After Jeep Hack, Chrysler Recalls 1.4M Vehicles for Bug Fix, Wired (July 24, 2015), http://www.wired.com/2015/07/jeep-hack-chrysler-recalls-1-4m-vehicles-bug-fix/.

8. See Cybersecurity: How to Keep You and Your Clients from Becoming Tomorrow’s Headlines, A.B.A. (Aug. 1, 2015), http://www.americanbar.org/news/abanews/aba-news-archives/2015/08/cybersecurity_howt.html; Matthew Goldstein, Citigroup Report Chides Law Firms for Silence on Hackings, N.Y. Times, Mar. 26, 2015, http://www.nytimes.com/2015/03/27/business/dealbook/citigroup-report-chides-law-firms-for-silence-on-hackings.html?_r=0 (discussing internal April 2015 report by Citigroup’s Cyber Intelligence Center).

9. See Ctr. for Strategic & Int’l Studies (CSIS) & Cybersecurity Unit, U.S. Dep’t of Justice, CSIS/DOJ Active Cyber Defense Experts Roundtable (Mar. 10, 2015), http://csis.org/files/publication/150519_CountermeasuresDOJ.pdf.

10. See Promoting Private Sector Cybersecurity Information Sharing, Exec. Order No. 13,691, 80 Fed. Reg. 9349 (Feb. 20, 2015).

11. See, e.g., Jill D. Rhodes & Vincent I. Polley, The ABA Cybersecurity Handbook: A Resource for Attorneys, Law Firms, and Business Professionals (2014).

12. Cyber Security Market Worth $170.21 Billion by 2020, PR Newswire (June 10, 2015), http://www.prnewswire.com/news-releases/cyber-security-market-worth-17021-billion-by-2020-506781871.html.

13. Ctr. for Strategic & Int’l Studies, Net Losses: Estimating the Global Cost of Cybercrime 2 (2014), http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf [hereinafter CSIS Cybercrime Report].

14. See PricewaterhouseCoopers LLP, Managing Cyber Risks in an Interconnected World: Key Findings from the Global State of Information Security Survey 2015, at 7 (2014), http://www.pwc.com/gx/en/consulting-services/information-security-survey/assets/the-global-state-of-information-security-survey-2015.pdf [hereinafter PwC Report]. The PwC Report summarizes findings from the Global State of Information Security Survey 2015, which occurred from March to May 2014, producing responses from more than 9,700 executives in 154 countries. See id. at 35.

15. Cyber Crime: Modernizing Our Legal Framework for the Information Age, Hearing Before the Subcomm. on Crime & Terrorism, of the S. Comm. on the Judiciary, 114th Cong. 3 (2015) (statement of David M. Bitkower, Deputy Assistant Att’y Gen., Criminal Div., Dep’t of Justice), http://www.justice.gov/opa/file/627486/download.

16. Josh Rogin, NSA Chief: Cybercrime Constitutes the “Greatest Transfer of Wealth in History,” Foreign Pol’y (July 9, 2012), http://foreignpolicy.com/2012/07/09/nsa-chief-cybercrime-constitutes-the-greatest-transfer-of-wealth-in-history/.

17. Info. Tech. & Innovation Found., Innovation Fact of the Week (Mar. 3, 2015) (analyzing CSIS Cybercrime Report, supra note 13).

18. The Support Anti-Terrorism by Fostering Effective Technologies, or SAFETY, Act may help companies mitigate liability under such claims. 6 U.S.C. §§ 441–44; see Brian E. Finch & Leslie H. Spiegel, Litigation Following a Cyber Attack: Possible Outcomes and Mitigation Strategies Utilizing the SAFETY Act, 30 Santa Clara High Tech. L.J. 349 (2014).

19. See infra text accompanying notes 52 & 58.

20. PricewaterhouseCoopers LLP, US Cybercrime: Rising Risks, Reduced Readiness: Key Findings from the 2014 US State of Cybercrime Survey 11 (2014), http://www.pwc.com/us/en/increasing-it-effectiveness/publications/assets/2014-us-state-of-cybercrime.pdf [hereinafter Secret Service Survey] (reporting of insider cybercrimes); see U.S.-China Cybersecurity Issues: Roundtable Before the U.S.-China Econ. & Sec. Review Comm’n, 113th Cong. 8–9 (July 11, 2013) (remarks of Comm’r Michael R. Wessel) (“[Y]ou’re also going to be scared to death about telling the public that your intellectual property has actually been stolen.”).

21. See CSIS Cybercrime Report, supra note 13, at 6, 9, 12–13; PwC Report, supra note 14, at 10.

22. Cybersecurity and American Power: Addressing New Threats to America’s Economy and Military, Am. Enterprise Inst. (July 9, 2012), http://www.aei.org/events/cybersecurity-and-american-power/.

23. Rogin, supra note 16.

24. PwC Report, supra note 14, at 16 (reporting increased intellectual property thefts in aerospace and defense, telecommunications, technology, and oil and gas industries). The survey’s use of “intellectual property” does not align with the legal term of art, but is nonetheless insightful as it encompasses trade secrets and other proprietary information.

25. See Cisco Report, supra note 7, at 35; CSIS Cybercrime Report, supra note 13, at 12–13.

26. Secret Service Survey, supra note 20, at 8 fig.1.

27. Id. Such unauthorized access or use is significant in the context of intellectual property in that many victims of cyber theft of intellectual property may not know exactly what is being stolen during these incidents. See id. at 9.

28. Id. at 8 fig.1.

29. Id.

30. Rogin, supra note 16.

31. See Mandiant Corp., APT1: Exposing One of China’s Cyber Espionage Units 3 (2013), http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf; see also infra note 63 (reporting acquisition of Mandiant by FireEye Inc.).

32. See William A. Carter & Denise E. Zheng, Strategic Techs. Program, Ctr. for Strategic & Int’l Studies, The Evolution of Cybersecurity Requirements for the U.S. Financial Industry 2 (2015), http://csis.org/files/publication/150717_Carter_CybersecurityRequirements_Web.pdf (terrorists); PwC Report, supra note 14, at 13–15 (insiders); 14, 16 (competitors); 13–17 (organized crime); Secret Service Survey, supra note 20, at 8 fig.1 (source unidentifiable in 26 percent of detected cyberattacks); Andrew Mayeda, Canada Pushes China on Cyberattacks after Research Breach, Sydney Morning Herald, July 30, 2014, http://www.smh.com.au/world/canada-pushes-china-on-cyberattacks-after-research-breach-20140730-zybu1.html (state-sponsored).

33. Secret Service Survey, supra note 20, at 9, 10 fig.2.

34. See id. at 10 fig.2.

35. Id. at 9.

36. Id. at 9, 10 fig.2.

37. 18 U.S.C. §§ 1961, 1962.

38. Id. § 1030.

39. See Gary J. Schmitt, How to Meet the Threat from China’s Army of Cyber Guerillas, Am. Enterprise Inst. (June 6, 2013), https://www.aei.org/publication/how-to-meet-the-threat-from-chinas-army-of-cyber-guerrillas/.

40. See PwC Report, supra note 14, at 16.

41. See id. Respectively, 9 percent, 9 percent, 11 percent, and 9 percent of state-sponsored cyberattacks target these industries.

42. See Tomoyuki Kawai, Latest US Charges Renew Fears of Chinese Industrial Spying, Nikkei Asian Rev. (May 28, 2015), http://asia.nikkei.com/magazine/20150528-TROUBLE-IN-PARADISE/Business/Latest-US-charges-renew-fears-of-Chinese-industrial-spying.

43. PwC Report, supra note 14, at 16. But see Richard Abott, Harvard Brief Says U.S. Exaggerates Chinese Cyber Capabilities, Causes Dangerous Mistrust, Def. Daily (May 13, 2015).

44. PwC Report, supra note 14, at 16; see also Tonda MacCharles, The Spies Next Door: Which Nation Is the Top Source of Espionage-Linked Expulsions from Canada? You May Be Surprised, Toronto Star, Mar. 3, 2015, at A1 (2004–2014 Canadian expulsions, in ranked order of frequency, to United States, China, India, Sweden, and Russia).

45. See Cisco Report, supra note 7, at 8–9.

46. See id. at 8–9 & fig.2.

47. See id. at 9–10 & fig.3.

48. See Trend Micro Inc., Magnified Losses, Amplified Need for Cyber-Attack Preparedness 13 (2015), http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt-magnified-losses-amplified-need-for-cyber-attack-preparedness.pdf [hereinafter Trend Micro Report].

49. See id. at 3, 12–13 & nn.43–46.

50. Paul Mutton, Half a Million Widely Trusted Websites Vulnerable to Heartbleed Bug, Netcraft (Apr. 8, 2014), http://news.netcraft.com/archives/2014/04/08/half-a-million-widely-trusted-websites-vulnerable-to-heartbleed-bug.html.

51. Cesar Cerrudo, Why the Shellshock Bug Is Worse Than Heartbleed, MIT Tech. Rev. (Sept. 30, 2014), http://www.technologyreview.com/view/531286/why-the-shellshock-bug-is-worse-than-heartbleed/.

52. See Trend Micro Report, supra note 48, at 17–19, 22–23.

53. CrowdStrike, Inc., CrowdStrike Global Threat Report: 2013 Year in Review 16–17 (2014), http://www.crowdstrike.com/wp-content/uploads/cs_downloads/CrowdStrike_2013_Global_Threat_Intel_Report.pdf [hereinafter CrowdStrike Report]; Trend Micro Inc., Analysis and Commentary on the State of Cybersecurity in Critical Infrastructure in the Americas, in Org. of Am. States & Trend Micro Inc., Report on Cybersecurity and Critical Infrastructure in the Americas 8, 9 (2015), http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/critical-infrastructures-west-hemisphere.pdf [hereinafter OAS Report].

54. See CrowdStrike Report, supra note 53, at 16–17; Trend Micro, supra note 53, at 8, 9; Michael Assante, Dir., Indus. Control Sys., Havex Malware Targets SCADA Systems, SANS Inst. editor’s n. (June 23, 24 & 26, 2014), http://www.sans.org/newsletters/newsbites/xvi/51#200 (“The addition of an OPC exploit module to the Havex Trojan and observed delivery tactic of watering-holes using ICS supply chain related websites, exemplifies the newest chapter in the book of ICS cyber threats.” (emphasis added)).

55. See generally Cisco Report, supra note 7, at 9–19, 23, 25.

56. See id. at 11.

57. See id. at 11–12 & figs.5 & 6.

58. See id. at 13–15.

59. See, e.g., Cisco Report, supra note 7, at 32–36; Byron Acohido, Cybersecurity Companies Attracting Huge Investment, USA Today, Oct. 16, 2013, http://www.usatoday.com/story/cybertruth/2013/10/16/cybersecurity-companies-attracting-huge-investment/2997737/.

60. PricewaterhouseCoopers LLP, Cyber Security M&A: Decoding Deals in the Global Cyber Security Industry 6 (2011), http://www.pwc.com/en_GX/gx/aerospace-defence/pdf/cyber-security-mergers-acquisitions.pdf.

61. Ashlee Vance, With McAfee Deal, Intel Looks for Edge, N.Y. Times, Aug. 19, 2010, http://www.nytimes.com/2010/08/20/technology/20chip.html?_r=0.

62. Cybersecurity Provider FireEye Prices IPO at $20/shr, Reuters (Sept. 20, 2013), http://www.reuters.com/article/2013/09/20/fireeye-ipo-pricing-idUSL2N0HF1TL20130920.

63. Nicole Perlroth & David E. Sanger, FireEye Computer Security Firm Acquires Mandiant, N.Y. Times, Jan. 2, 2014, http://www.nytimes.com/2014/01/03/technology/fireeye-computer-security-firm-acquires-mandiant.html?_r=0.

64. Jordan Robertson, Cisco Agrees to Buy Sourcefire in $2.7 Billion Deal, BloombergBusiness (July 23, 2013), http://www.bloomberg.com/news/articles/2013-07-23/cisco-agrees-to-buy-sourcefire-in-2-7-billion-deal; see Acquisitions, Cisco, http://www.cisco.com/web/about/ac49/ac0/ac1/ac259/sourcefire.html (last visited Sept. 5, 2015).

65. Palo Alto Networks Acquires Stealth Mode Startup Morta Security, Security Wk. (Jan. 6, 2014), http://www.securityweek.com/palo-alto-networks-acquires-stealth-mode-startup-morta-security.

66. Mike Lennon, Palo Alto Networks to Acquire Cyvera for $200 Million, Security Wk. (Mar. 24, 2014), http://www.securityweek.com/palo-alto-networks-acquire-cyvera-200-million.

67. See Acquisitions: Cisco Has Acquired ThreatGRID, Cisco, http://www.cisco.com/web/about/ac49/ac0/ac1/ac259/threatgrid.html (last visited Sept. 5, 2015); Hilton Romanski, Cisco Announces Intent to Acquire ThreatGRID, Cisco Blogs (May 21, 2014), http://blogs.cisco.com/news/cisco-announces-intent-to-acquire-threatgrid?_ga=1.146697396.1480794601.1438514048 (undisclosed terms).

68. Katie Kuehner-Hebert, Raytheon Buying Cyber-Security Firm Websense, CFO.com (Apr. 20, 2015), http://ww2.cfo.com/cyber-security-technology/2015/04/raytheon-buying-cyber-security-firm-websense/.

69. See Sarah Kuranda, Palo Alto Networks Acquires CirroSecure to Boost SaaS Application Security Offerings, CRN (May 27, 2015), http://www.crn.com/news/security/300076950/palo-alto-networks-acquires-cirrosecure-to-boost-saas-application-security-offerings.htm (undisclosed terms).

70. See Sarah Kuranda, Fortinet Dives Deep into Enterprise Secure Wireless Market with Meru Networks Acquisition, CRN (May 27, 2015), http://www.crn.com/news/security/300076943/fortinet-dives-deep-into-enterprise-secure-wireless-market-with-meru-networks-acquisition.htm.

71. Madeleine Johnson, Cisco Systems Expands Cyber Security Business with $635 Million OpenDNS Acquisition, Zacks (June 1, 2015), http://www.zacks.com/stock/news/180329/cisco-systems-expands-cyber-security-business-with-635-million-opendns-acquisition.

72. Press Release, CrowdStrike Inc., CrowdStrike Closes $100 Million Financing Round Led by Google Capital (July 13, 2015), http://www.crowdstrike.com/crowdstrike-closes-100-million-financing-round-led-by-google-capital/.

73. See, e.g., Cisco Report, supra note 7, at 32–36.

74. See First Cybersecurity Partnership Meeting, USPTO, http://www.uspto.gov/about-us/events/first-cybersecurity-partnership-meeting (last visited Sept. 5, 2015).

75. 134 S. Ct. 2347 (2014).

76. See USPTO, Cybersecurity Partnership Meeting 60–73 (Nov. 14, 2014), http://www.uspto.gov/sites/default/files/documents/nov2014-cybersecurity-partnership-presentation_0.pdf (remarks of Angela Ziegenhorn, Senior Dir. IP, Symantec Corp.).

77. See id. at 109 (remarks of David Kinsinger, Vice President, Chief Patent Counsel, L-3 Communications Holdings Inc.).

78. On September 5, 2015, a quick search of the USPTO’s databases (http://patft.uspto.gov/) revealed only 109 patents and 116 published patent applications mentioning “cybersecurity.” This quick search did not reveal all cybersecurity patents and patent applications, see, e.g., Press Release, CrowdStrike Inc., CrowdStrike Granted Patent for Next-Generation Endpoint Security Platform (July 2, 2015), http://www.crowdstrike.com/crowdstrike-granted-patent-for-next-generation-endpoint-security-platform/ (claiming a system of “kernel-level security” rather than “cybersecurity”), but suggests that cybersecurity-related patenting activity is disproportional to industry growth.

79. See, e.g., Internet Policy Task Force, U.S. Dep’t of Commerce, Cybersecurity, Innovation and the Internet Economy (2011), http://www.nist.gov/itl/upload/Cybersecurity_Green-Paper_FinalVersion.pdf.

80. See, e.g., Theresa Papademetriou, European Union: Member States Disagree over Proposed Cybersecurity Directive, Global Legal Monitor (June 12, 2015), http://www.loc.gov/lawweb/servlet/lloc_news?disp3_l205404443_text.

81. See Global Conf. on CyberSpace 2015, https://www.gccs2015.com/ (last visited Sept. 5, 2015).

82. See Adam Blackwell, Sec’y for Multidimensional Sec., Org. of Am. States, Foreword, in OAS Report, supra note 53, at 3, 3; OAS Country Survey Results, in OAS Report, supra note 53, at 23, 31 (“With only 1 in 5 (21%) respondents stating an active [public-private partnership] dialogue[,] there is a high level of improvement to be done to effectively deal with the threat.”).

83. See, e.g., Cisco Report, supra note 7, at 32–36; Andrew F. Popper, More Than the Sum of All Parts: Taking on IP and IT Theft through a Global Partnership, 12 Nw. J. Tech. & Intell. Prop. 253 (2014).

84. See Cybersecurity Unit, Dep’t of Justice, Best Practices for Victim Response and Reporting of Cyber Incidents 1–2 (2015), http://www.justice.gov/sites/default/files/opa/speeches/attachments/2015/04/29/criminal_division_guidance_on_best_practices_for_victim_response_and_reporting_cyber_incidents.pdf.

85. See Emile Loza, Attorney Competence, Ethical Compliance, and Transnational Practice, 52 Advocate (Idaho State Bar), no. 10, Oct. 2009, at 28, available at http://isb.idaho.gov/pdf/advocate/issues/adv09oct.pdf.

Emile Loza de Siles is the managing partner and founder of Technology & Cybersecurity Law Group, PLLC. Her representative clients include Fortune 500 and other information technology and innovator companies.