Cyber Security Threats Offer New Legal Challenge to Holding Spies Responsible for Espionage
In December 2014, naturalized US citizen Mostafa Ahmed Awwad was arrested by the FBI for attempting to sell blueprints of the US Navy’s brand-new nuclear-powered aircraft carrier, the USS Gerald R. Ford. Awwad, a former Egyptian citizen and engineer in the Nuclear Engineering and Planning Department of the massive Norfolk Naval Shipyard, had a Secret security clearance and access to sensitive blueprints of the most advanced ship ever designed. The case against Awwad is pretty cut-and-dry. Believing he was corresponding with an Egyptian Intelligence officer, Awwad turned over computer-aided drawings of the aircraft carrier, wore a pinhole camera in sensitive areas of the shipyard to record restricted information, and acknowledged that the information he provided would be sent to Egypt for use. With the details of this case reading like a Cold War spy thriller, complete with dead-drops, spy gadgets, and a discreet payment left in a hole under a park bench in Southeast Virginia, the “Egyptian Intelligence officer” that Awwad was corresponding with was actually an undercover FBI agent. Awwad was arrested, charged with attempted espionage, and recently sentenced to eleven years in federal prison.
Modern-day espionage cases have all resulted in similar responses from the FBI and Department of Justice: arrest, try, and sentence. From Robert Hanssen to John Walker and Mostafa Ahmed Awwad, when suspected spies are caught, they’re tried and held responsible for their acts. But how does our justice system’s response to espionage change when the actors are not physically within our country when they’re spying? What about when the secrets that are stolen are taken over the internet?
US defense contractors spend billions of dollars every year on research and development to design and build the most sophisticated and advanced military equipment in the world. The USS Gerald R. Ford, for instance, will cost nearly $13 billion to design and build once complete. Similarly, the US military’s brand new F-35 Joint Strike Fighter has taken nearly twenty years and $400 billion to design and build, and its state of the art technology is more advanced than any other fighter jet ever built. Coincidentally, shortly after its debut, China unveiled its new J-31 fighter jet, which strikingly resembles the F-35 in its design and performance characteristics. The similarities, revealed to be from a 2007 data breach of US defense contractor Lockheed Martin’s computer servers by Chinese hackers, represent, “the greatest transfer of wealth in history,” and extend to include over fifty-terabytes of sensitive military weapon systems data—including the AEGIS Ballistic Missile Defense Radar System, and the Navy’s Littoral Combat Ship.
This new form of digital-espionage leaves the US in unchartered territory. Can the US treat these breaches the same way as traditional espionage cases? Is it even possible to hold faceless hackers halfway across the globe accountable under the US criminal justice system? Furthermore, how is the dynamic changed when the hacker is an individual activist (or hacktivist) versus a nation?
Judging by the Department of Defense’s initially tacit response to the massive hacks, and only fully revealed to the public after documents released by Edward Snowden detailed the theft, policy-makers, defense leaders, and the law enforcement community do not want to publicly define these acts because doing so would tie their hands in their response. While on the surface these two different forms of espionage yield similar results (i.e. sensitive military and intelligence information in the hands of our adversaries), the complexities of holding the perpetrators responsible are worlds apart.
Furthermore, the question remains of where the line is drawn between espionage or something more. The 2014 Chinese hacks on the personnel and security clearance databases of the Office of Personnel Management went beyond the previous breaches of military technology. Exposing over 22 million Americans’ social security numbers and personal life details, the hacks could have a very real, though likely not kinetic, effect on the lives of the US citizens whose information was stolen. By not defining these hacks or drawing any clear lines, the US retains the ability to choose how to best respond, and whether or not to make these responses public. Taking a hard line would tie the country’s hand whenever a breach occurs and could escalate a situation beyond the scope of the original act.
 Howell, Kellan. “FBI Charges Saudi-born Naval Engineer over Plans to Sink Aircraft Carrier.” The Washington Times 06 Dec. 2014. Web. 13 Nov. 2015.
 Zapotosky, Matt. “Navy Engineer Admits Trying to Leak Plans for New Aircraft Carrier to Egypt.” The Washington Post 15 June 2015. Web. 13 Nov. 2015.
 Cavas, Christopher P. “Navy Engineer Indicted for Trying to Sell Secrets.” Navy Times 05 Dec. 2014. Web. 13 Nov. 2015.
 FBI. “Navy Civilian Engineer Sentenced to 11 Years for Attempted Espionage.” FBI 2015. Web. 13 Nov. 2015.
 FBI. “Counterintelligence Cases Past and Present.” FBI 2013. Web. 13 Nov. 2015.
 Harper, Jon. “Funding Restricted for Ford-Class Carriers.” National Defense Magazine Sept. 2015. Web. 13 Nov. 2015.
 Wall Street Journal. “China’s Cyber-Theft Jet Fighter.” The Wall Street Journal 12 Nov. 2014. Web. 13 Nov. 2015.
 Goldstein, Sarah. “Snowden: Chinese Hackers Stole F-35 Fighter Jet Blueprints.” New York Daily News 20 Jan. 2015. Web. 13 Nov. 2015.
 Russian Today. “50 Terabytes! Snowden Leak Reveals Massive Size of F-35 Blueprints Hack by China.” Russian Today 19 Jan. 2015. Web. 13 Nov. 2015.
 Nakashima, Ellen. “Hacks of OPM Databases Compromised 22.1 Million People, Federal Authorities Say.” The Washington Post 09 Jul. 2015. Web. 14 Nov. 2015.