John Robusto | August 17, 2016
Before we examine the risks and threats around Industrial Espionage, we should take a look at the prize twinkling in the gimlet eyes of the global state run and independent hacking organizations. Forget your clichés of 70’s spook shows, with men in overcoats rifling through filing cabinets. It’s now more Macs than macs, and it’s big business.
America doesn’t just make things, it makes ideas. For proof of this, let’s take the assessment of the United States Patent and Trademark Office. Way back in their March 2012 Intellectual Property and the U.S. Economy: Industries in Focus report. The USPTO released their estimates, based on their 2010 data. Their findings stated that IP-intensive industries accounted for $5.06 trillion in value added or roughly 34.8% of the U.S. GDP in 2010.
That was six years ago, before the world, and particularly the US expanded headlong into the digital era, with all the implications that that has around IP. Safe to say we can take the nearly 40% figure as an extremely conservative base estimate for now.
So if that’s the prize, who has it in their sites? The cast of usual and unusual suspects could have us here for hours, so let’s focus on some familiar offenders, State and state sponsored actors from China, and others that you may not usually suspect. John Carlin is the Assistant Attorney General for National Security with responsibility for counterterrorism, cyberattacks and increasingly economic espionage and contributed to the engaging 60 Minutes piece, The Great Brain Robbery, on CBS. He states that thousands of US companies have been hit.
“This is a serious threat to our national security… They want to develop certain segments of industry and instead of trying to out-innovate, out-research, out-develop, they’re choosing to do it through theft.”
And before you comfort yourself that there’re probably not focused on your sector, he adds “Every industry, engineering documents, manufacturing processes, chip designs, telecommunications, pharmaceutical, you name it it’s been stolen.”
Another excellent source of information about just how serious this threat is, is a report titled China’s Espionage Dynasty – Economic Death by a Thousand Cuts, from the Cyber Security Think Tanks, the Institute for Critical Infrastructure Technology (ICIT). They assert:
“The criminal culture of theft that has been injected into virtually every line of China’s 13th Five-Year Plan is unprecedented. From state sponsored smash and grab hacking and techno-pilfering, to corporate espionage and targeted theft of IP, the threat is real, the economic implications are devastating and Western Nations are the primary target of China’s desperate effort to steal in order to globally compete. Never before in recorded history has IP transfer occurred at such a rapid velocity.”
ICIT Fellow John Sabin put’s it a little more bluntly, saying “When you understand China’s desire to be a global leader across markets, you can rationalize their preference to simply steal intellectual property.”
The names of the Chinese state sponsored groups range from the oblique to the ridiculous. Unit 61398 targets Information Technology, Aerospace, Defense, Energy, Manufacturing, Public Administration, whereas Kung Fu Kitten turned its presumably adorable attentions to Healthcare, Aerospace, and Energy.
So how big is the problem? The numbers range dramatically, with some researchers estimating the damage to be north of $300-500 billion and 1.2 million jobs lost every year to the theft of intellectual property. BlackOps Partners Corporation, which works with Fortune 500 companies on counter-intelligence and protection puts the number at $500 billion in raw innovation stolen every year.
In 2012, General Keith Alexander, NSA director and commander of U.S. Cyber Command described economic espionage as “the greatest transfer of wealth in history.”
The FBI themselves place the cost to the US at a more modest figure of $13 billion a year – but base that number purely on the current FBI cases where spies have been caught and charged. The reality is most of this type go either unreported or unnoticed.
You can’t accuse the US Government of not taking this threat seriously – a year ago they launched a Nationwide awareness campaign around economic espionage, going as far as releasing a lavish, high-production value short film, The Company Man.
And just a few weeks ago, the Chinese businessman Su Bin was sentenced to nearly four years in prison in Los Angeles, for conspiring to export sensitive military information after accessing U.S. defense contractor computer systems.
In 2014, John Carlin’s National Security division at the Justice Department
criminally charged five military officers in the Chinese Military with economic espionage… though I wouldn’t hold your breath with regards to seeing them in court.
If all this has got you worried – well, good you should be. But far better than worrying, is being proactive and asking yourself if you are doing everything you can to protect your organization?
John Carlin is quite right when he talks about needing to go on the offensive and “increase the cost” of trying to hack your business. The right kind of systems and technologies can make your organization significantly less attractive, and really good solutions can lock things down.
With mobility communications being a key area of exploitation, each executive is carrying around their company’s intellectual property, customer contacts, and strategic plans in their pockets. Some simple steps can keep your IP and your trade secrets your own. Mobility communications is a primary means to exploit you and your company, at home and abroad. There is no assumption of privacy as you use your mobile device or computer.
At Communications security group, (CSG) we focused on the issue of secure mobile communications for customers. The fact that the majority of people now carry the internet around in their pocket is why we have developed the best mobility security for corporate, medical, financial, and government. Our world-class solutions Cellcrypt and Seecrypt offer military-grade, end-end encryption for voice, messaging, instant conference calling and document sharing. It’s the real deal. With my background I should know.