Government // Cybersecurity
Commentary
11/18/2013
09:04 AM
50%
50%

Stealing Americaís Future

US companies lose about $300 billion a year to cyberespionage and intellectual property theft. We need a concerted effort to stop it.

The technology world has entered an era of sustainable innovation that is producing untold amounts of intellectual property (IP). This is the raw material fueling the US and global economies and leading to fundamental changes in the nature of new products and services and how we consume them.

Many of these products and services don't exist yet. They are on the whiteboards and in the minds of individuals at companies and R&D facilities. Nevertheless, there is a growing sense that creations of the mind -- IP -- have become part of the currency of modern-day society. Economists have theorized that knowledge and ideas are becoming more of a driving force for economic development. That is why IP has become the foundation of many businesses, as well as an asset that is factored into value calculations as companies are routinely bought and sold.

A 2012 US Commerce Department report, "Intellectual Property and the U.S. Economy," speaks to the importance of intellectual property. IP-intensive industries are responsible for at least 40 million jobs and contribute more than $5 trillion dollars (34.8 percent) to the nation's gross domestic product, the report said. That is why it has become a high-value target for thieves and rogue nation states.

Many in the world have viewed the US as a country that fosters constant innovation. For decades, it has been seen as the technology research and development lab for the world. That R&D has driven new products and services. One commonly used measure of innovation (rightly or wrongly) is IP output, which is commonly measured by the number of patents granted in a given year.

[What do CIOs need to watch out for in developing their strategies? Read 3 Disruptive Technologies Gaining Speed ]

What is surprising to many is that the US was second behind Japan in terms of patents granted for many years. What is worse is that most do not know that the US fell to third in patents granted worldwide in 2011. What country displaced the US as No. 2? China.

According to a World Intellectual Property Organization report, between 2008 and 2011, the number of patents granted to China increased 350 percent. US patents grew by less than half that rate. Is China that innovative and creative? Many say no; they believe stolen IP is at least partially responsible for the surge.

The US government recently addressed the issues of cyberespionage and IP theft with Chinese officials. The Treasury Department reported in July, "Chinese officials acknowledged U.S. concerns over the growing problem of the cyber-enabled theft of trade secrets and business confidential information." That is the first step, and it will be interesting to see if this stems the flow of IP theft.

Intellectual property theft
Investigators and government officials have called the scope and scale of international theft of US intellectual property unprecedented. Computer systems don't have to be hacked for IP to be stolen. The Commission on the Theft of American Intellectual Property estimated the annual losses for US companies from cyberespionage and other forms of IP theft from foreign countries at $300 billion.

Rep. Tim Murphy (R-PA) said it best, "From defense contractors to manufacturing, no American company has been immune from the scourge of Chinese intellectual property theft."

In one incident, a cybersecurity company was doing an assessment for a midsized client in specialty equipment. The company discovered compressed files that had been exfiltrated from the client's systems. Further investigation revealed that the files contained the detailed bill of materials for the client's products and other sensitive competitive information.

A recent Symantec study found that half of all departing employees retain confidential company files after their termination. You don't have to be in some exotic technology or in the defense industry to be targeted or become a victim of IP theft these days. In fact, some companies that specialize in these areas call IP theft by departing employees a common practice.

Consider what happens when salespeople resign and go to work elsewhere. The customer contact lists they developed, used, and updated as part of their work for their former employer is of substantial value to them and their new employer. One individual told me a new employer was applying a lot of pressure to turn over the contact/customer list of the previous employer, as well as any PowerPoint slide decks.

That is at one end of the spectrum. At the other end is where people are enticed to leave an employer for a competitor and take with them the source code for the former employer's main product. An individual from a well-funded startup contacted me and told me it had found a competitor's source code on its development servers and asked what to do.

Intellectual property is the hard work of individuals within organizations and represents the products, services, and businesses of the future. Few dispute the fact that IP theft can be catastrophic -- causing the victim company to lose its competitive advantage and possibly go out of business. Or, worse, could the next Netscape or Facebook go from being a US company to the shining star of Russia, China, or some other country? You bet. Given that reality, it is easy to see how IP thieves are actually stealing America's future.

The Obama administration's 2013 Joint Strategic Plan on Intellectual Property Enforcement is a big step toward securing this critical aspect of the nation's future. Failure to aggressively address this growing problem is not an option, given the damage it is already doing to US businesses and the country's financial well-being.

When Gen. Keith Alexander, director of US Cyber Command and director of the National Security Agency, assess the ongoing theft of IP as "the greatest transfer of wealth in history," it is time to increase our defensive efforts. A concerted effort is needed to stem the flow of IP out of US businesses to points all over the world. We must address theft by insiders as well as the growing number of cyberattacks that target IP. One has to wonder how many organizations have an IP security program in place.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Author
11/18/2013 | 2:14:32 PM
Stand Together
At some point, US companies need to follow the lead of consumers who willingly pay more for products made in the United States. If there were no demand for products made as a result of stolen IP, the incentive to pirate IP would (in theory) abate.

Say you're in the market for piece of custom automation equipment to, say, install lenses in cameras. You can get it from a US company for $200,000 or a Chinese company for $125,000. On looking deeper, you realize that the machines are essentially identical, and the US company has been in this market for 5 years while the Chinese operation started 18 months ago.

Who gets the contract?
Marilyn Cohodas
IW Pick
100%
0%
Marilyn Cohodas,
User Rank: Author
11/18/2013 | 10:25:35 AM
Who has an IP security program?
 "One has to wonder how many organizations have an IP security program in place."

Kevin your last point says it alll and I'd be interested in hearing from readers, what steps, if any their organizations are taking (outside of the actions after the fact) to prevent IP theft. 
Alison Diana
50%
50%
Alison Diana,
User Rank: Moderator
11/18/2013 | 9:45:20 AM
Beyond Paper
Salespeople and execs are often bound by non-compete agreements when they move from one company to another. Often businesses will vigorously pursue cases in court if they believe their non-competes have been violated. Of course, if someone works on a company-owned device -- laptop, phone, tablet -- that part is easy. With BYOD, it's more complicated for IT to ensure it's removed corporate data from an ex-employee's mobile device -- and that doesn't cover anything copied, unless it couldn't be copied in the first place.

Ironic that government may be seen as an ally in preventing corporate spying -- back-doors demanded by the NSA are one way foreign (and local) spies can try to break in to steal proprietary data. 
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.