US companies lose about $300 billion a year to cyberespionage and intellectual property theft. We need a concerted effort to stop it.
The technology world has entered an era of sustainable innovation that is producing untold amounts of intellectual property (IP). This is the raw material fueling the US and global economies and leading to fundamental changes in the nature of new products and services and how we consume them.
Many of these products and services don't exist yet. They are on the whiteboards and in the minds of individuals at companies and R&D facilities. Nevertheless, there is a growing sense that creations of the mind -- IP -- have become part of the currency of modern-day society. Economists have theorized that knowledge and ideas are becoming more of a driving force for economic development. That is why IP has become the foundation of many businesses, as well as an asset that is factored into value calculations as companies are routinely bought and sold.
A 2012 US Commerce Department report, "Intellectual Property and the U.S. Economy," speaks to the importance of intellectual property. IP-intensive industries are responsible for at least 40 million jobs and contribute more than $5 trillion dollars (34.8 percent) to the nation's gross domestic product, the report said. That is why it has become a high-value target for thieves and rogue nation states.
Many in the world have viewed the US as a country that fosters constant innovation. For decades, it has been seen as the technology research and development lab for the world. That R&D has driven new products and services. One commonly used measure of innovation (rightly or wrongly) is IP output, which is commonly measured by the number of patents granted in a given year.
What is surprising to many is that the US was second behind Japan in terms of patents granted for many years. What is worse is that most do not know that the US fell to third in patents granted worldwide in 2011. What country displaced the US as No. 2? China.
According to a World Intellectual Property Organization report, between 2008 and 2011, the number of patents granted to China increased 350 percent. US patents grew by less than half that rate. Is China that innovative and creative? Many say no; they believe stolen IP is at least partially responsible for the surge.
The US government recently addressed the issues of cyberespionage and IP theft with Chinese officials. The Treasury Department reported in July, "Chinese officials acknowledged U.S. concerns over the growing problem of the cyber-enabled theft of trade secrets and business confidential information." That is the first step, and it will be interesting to see if this stems the flow of IP theft.
Intellectual property theft Investigators and government officials have called the scope and scale of international theft of US intellectual property unprecedented. Computer systems don't have to be hacked for IP to be stolen. The Commission on the Theft of American Intellectual Property estimated the annual losses for US companies from cyberespionage and other forms of IP theft from foreign countries at $300 billion.
Rep. Tim Murphy (R-PA) said it best, "From defense contractors to manufacturing, no American company has been immune from the scourge of Chinese intellectual property theft."
In one incident, a cybersecurity company was doing an assessment for a midsized client in specialty equipment. The company discovered compressed files that had been exfiltrated from the client's systems. Further investigation revealed that the files contained the detailed bill of materials for the client's products and other sensitive competitive information.
A recent Symantec study found that half of all departing employees retain confidential company files after their termination. You don't have to be in some exotic technology or in the defense industry to be targeted or become a victim of IP theft these days. In fact, some companies that specialize in these areas call IP theft by departing employees a common practice.
Consider what happens when salespeople resign and go to work elsewhere. The customer contact lists they developed, used, and updated as part of their work for their former employer is of substantial value to them and their new employer. One individual told me a new employer was applying a lot of pressure to turn over the contact/customer list of the previous employer, as well as any PowerPoint slide decks.
That is at one end of the spectrum. At the other end is where people are enticed to leave an employer for a competitor and take with them the source code for the former employer's main product. An individual from a well-funded startup contacted me and told me it had found a competitor's source code on its development servers and asked what to do.
Intellectual property is the hard work of individuals within organizations and represents the products, services, and businesses of the future. Few dispute the fact that IP theft can be catastrophic -- causing the victim company to lose its competitive advantage and possibly go out of business. Or, worse, could the next Netscape or Facebook go from being a US company to the shining star of Russia, China, or some other country? You bet. Given that reality, it is easy to see how IP thieves are actually stealing America's future.
The Obama administration's 2013 Joint Strategic Plan on Intellectual Property Enforcement is a big step toward securing this critical aspect of the nation's future. Failure to aggressively address this growing problem is not an option, given the damage it is already doing to US businesses and the country's financial well-being.
When Gen. Keith Alexander, director of US Cyber Command and director of the National Security Agency, assess the ongoing theft of IP as "the greatest transfer of wealth in history," it is time to increase our defensive efforts. A concerted effort is needed to stem the flow of IP out of US businesses to points all over the world. We must address theft by insiders as well as the growing number of cyberattacks that target IP. One has to wonder how many organizations have an IP security program in place.
Security Job #1 For FedsThe 2014 InformationWeek Government IT Priorities Survey shows federal IT pros care about security - it’s rated as very important by 69% of respondents, 30 percentage points ahead of the No. 2 priority, disaster recovery. Will the upcoming NIST cyber-security framework help manage risk?