What threatens America’s prosperity and competitive advantage?

Foreign intelligence efforts to steal US intellectual property and trade secrets can significantly damage the economy.
30 July 2018

William R. Evanina, Director of the National Counterintelligence and Security Center (NCSC). Source: AFP

Cybersecurity is a growing concern, not only for American businesses but also for the US government.

The multitude of vulnerabilities in the new technology landscape of the country is making it increasingly difficult for people to understand, track, and discover threats – and if left unattended, can negatively impact the country’s growth and prosperity.

The National Counterintelligence and Security Center (NCSC) recently released the 2018 Foreign Economic Espionage in Cyberspace report, which highlights current threats and future trends in foreign intelligence efforts to steal US intellectual property, trade secrets, and proprietary information via cyberspace

“Building an effective response to this tremendous challenge demands an understanding of economic espionage as a worldwide, multi-vector threat to the integrity of both the US economy and global trade,” said William R. Evanina, Director of the NCSC.

According to the report, cloud networks and IoT infrastructure are rapidly expanding the global online operational space. In fact, recent attacks on US businesses have demonstrated how the cloud can be used as a platform for cyber exploitation.

However, as IoT and AI applications expand to empower everything from smart homes to smart cities, the government estimates that billions of potentially unsecured network nodes will create an incalculably larger exploitation space for cyber threat actors.

“Lack of industry standardization during this pivotal first-generation deployment period will likely hamper the development of comprehensive security solutions in the near-term,” says the report.

However, the NCSC is quick to highlight the fact that while cyberspace is a preferred operational domain for economic espionage, it is one of many.

Sophisticated threat actors, such as adversarial nation-states and business rivals from other geographies, combine cyber exploitation with supply chain operations, human recruitment, and the acquisition of knowledge by foreign students in US universities, as part of a strategic technology acquisition program.

Based on the report, it seems as though the government anticipates that China, Russia, and Iran will remain aggressive and capable collectors of sensitive US economic information and technologies, particularly in cyberspace.

It is also expected that these foreign collectors of US intelligence will continue to deploy significant resources and a wide array of tactics to acquire proprietary information.

Although many aspects of U.S. economic activity and technology are of potential interest to foreign
intelligence collectors, we judge that the highest interest is in the following areas:

  • Energy/alternative energy
  • Biotechnology
  • Defense technology
  • Environmental protection
  • High-end manufacturing
  • Information and communications technology

A range of other potentially disruptive threats also warrants attention according to the NCSC.

“Software supply chain infiltration has already threatened the critical infrastructure sector and could threaten other sectors as well,” it said.

Recently, for example, hackers corrupted software distributed by the South Korea-based firm Netsarang which sells enterprise and network management tools.

The backdoor enabled downloading of further malware or theft of information from hundreds of companies in energy, financial services, manufacturing, pharmaceuticals, telecommunications, and transportation industries.

The truth is, businesses need to be careful about how they deal with security threats and vulnerabilities. It’s not just their trade secrets at stake, but also the future and economic security of the country.