Investigating Cyber-Enabled Espionage and the U.S. Response

Cyber-enabled espionage, a form of cyber attack that steals sensitive data or intellectual property to gain an advantage over a competing company or government entity, has plagued United States government networks for decades, most notably in the SolarWinds attack in 2020. In light of this, researchers at the RAND Corporation set out to understand why these cyber incidents keep occurring, whether U.S. responses have changed over time, whether those responses led to changes in adversary behavior, and what the U.S. can learn from these cases to inform future policymaking.

The authors explored three cases of Russian cyber-enabled espionage and two cases of Chinese cyber-enabled espionage, ranging from the compromise of multiple government agencies in the late 1990s to the 2015 compromise of the Office of Personnel Management.

Key findings from the report include:

  • Available response options are not limited to the cyber domain, and no one should expect them to be; and
  • The benefits of cyber-enabled espionage continue to outweigh any perceived repercussions for countries such as Russia and China.

The report concludes with several recommendations for U.S. policymakers, including expanding diplomatic efforts to call out indiscriminate cyber espionage, increasing active defense measures on U.S. government networks to hunt for adversary activity, and making better use of counterintelligence.

The full report can be found here.

