Damage From Cyber Espionage Looms Large
The economics of spying all but ensure a robust industry in stolen secrets.
The vaunted technology edge enjoyed by Western nations risks fading into history because of espionage by nation-states. National competitors and potential adversaries are saving years of research and development and billions of dollars in related expenses by extricating secrets through cyberspace. Both military and commercial organizations are suffering what could amount to devastating losses from opportunistic enemies, and communications and information technologies top the list of desirable targets.
Cyber espionage has become increasingly common. In attacks discovered earlier this year, North Korean hackers stole wing designs for an F-15 jet fighter and photos of parts of spy planes from a South Korean company. These cyber attacks originated in Pyongyang. More than 40,000 documents were stolen beginning in 2014, the Korean National Police Agency revealed. The South Korean Air Force was the last organization to be told about the espionage.
Some threats may be homegrown. In the United States, a Navy officer accused of spying will face a general court-martial later this month. Lt. Cmdr. Edward Lin, USN, has been charged with espionage, attempted espionage, making false official statements, communicating defense information, failing to report foreign contacts and mishandling classified information. The naval flight officer worked in an elite reconnaissance squadron that flies spy missions in the Asia-Pacific region. Cmdr. Lin is suspected of providing secrets to Taiwan, China or both.
Typically, traditional espionage follows a familiar pattern. Information is extracted from a supplier in the value chain or directly from a holder of classified data. This activity occurs over several years via persistent tracking by personnel related to the espionage. The stolen data is high-value because it saves an adversary money and time on engineering and testing a similar offering. This data theft usually goes undiscovered until detected by a third party.
By comparison, cyber espionage most often is employed to purloin information about innovative technologies such as military applications, pharmaceuticals, semiconductors, software, electronic devices, weapons and aerospace products being developed in research laboratories. It also can be used to obtain money-making patented, trademarked or copyrighted property. It can be conducted by freelance entrepreneurs, state-operated groups, researchers-for-hire or even trusted consultants. Cyber espionage is not inhibited by the costs, consequences and limitations of traditional espionage, including international law. Often, cyber spies cannot be apprehended and certainly are not punished. Detection and protection countermeasures are the only safeguards that will work when a professionally executed espionage attack occurs.
The global scale of cyber espionage, now practiced by tens of thousands of people, forms what can be considered a nonlethal type of asymmetric warfare. For a small investment, it provides a big payoff. The risk-reward ratio also is extremely attractive because the presence of costly on-site human actors is not required.
Nobel Prize-winning economist Robert Solow, professor emeritus at the Massachusetts Institute of Technology, laid out the theoretical foundation for this type of espionage. Solow states that the growth of a nation’s gross domestic product (GDP) is achievable primarily through technological innovation. Lacking sufficient resources, organizations will resort to espionage as a way to speed up progress economically.
The economic rise of China fits the model that calls for accelerating innovation by extracting advanced technologies from others. It has acquired many U.S. technologies through espionage. China is in a close race to overtake the United States as the world’s largest economic power. Although the United States has huge amounts of accumulated wealth, China has pulled ahead when it comes to purchasing power. Adjusted for purchasing power parity, China’s 2015 GDP of $19.4 trillion exceeds the U.S. GDP of $17.9 trillion, and China’s GDP growth rate is roughly seven times larger. But in the race for global dominance, China still lags in knowledge assets. This is where cyber espionage enters the picture as a weapon of information warfare.
To understand the attractiveness of this type of espionage, one has to consider it as an economic proposition from China’s point of view. The target is the U.S. shareholder value of about $280 trillion, which includes the market value of firms such as Apple, Microsoft, FedEx, Biogen, Pfizer and Google as well as the embedded software assets within the U.S. federal government. The innovative capabilities of NASA, the Defense Information Systems Agency, the U.S. Air Force and pharmaceutical, semiconductor, computer software and chemical companies could be seen as a menu of potential espionage prospects.
When cyber spies extract U.S. knowledge capital from such targets, it rarely is noticed. The effects do not show up immediately, but instead, the theft gradually chips away at the nation’s technological superiority.
Cyber espionage demands different countermeasures than cyber crime. It operates on a much larger scale, takes longer to execute, interferes with personal privacy and is harder to detect. Political limits are placed on the scope of cyber espionage. Nevertheless, the United States must proceed without delay to close unconstrained access to hundreds of trillions of accumulated knowledge assets before they vanish to China. Unless the United States protects its information and communications technology (ICT) know-how, especially in software, then by the end of China’s next two five-year plans, the country’s ICT likely will be comparable to that of the United States.
Paul A. Strassmann is the former director of defense information, Office of the Secretary of Defense.