Troubling Intellectual Property Theft and Cyber Threats Persist
The sophisticated nature of cyber attacks and intellectual property theft performed by adversaries is only increasing, as nation-state actors continue to mount attacks to gain valuable information from the United States, its military and private companies.
The blend of cyber and human espionage is what makes China particularly effective in mounting these kinds of attacks, said Mark Kelton, senior advisor, Chertoff Group and former senior executive of the CIA. The threats to U.S. intellectual property and digitally based assets are not slowing down anytime soon, stated Sean Berg, senior vice president and general manager, Global Governments and Critical Infrastructure, Forcepoint.
Kelton, Berg and Chase Cunningham, principal analyst, Security and Risk, at Forrester Research Inc., shared their perspective on the nature of the risks to the United States, during a recent media event in Washington, D.C. hosted by Forcepoint. “We’ve all seen what can happen when nation states go after intellectual property, and they do so for a variety of reasons, including their desire to accelerate their own programs,” Berg noted.
China is the most notorious actor in this arena, the experts said, but intellectual property theft could come from friendly nations seeking an economic advantage. The United States does not engage as such.
“There is a fundamental asymmetry between U.S. intelligence and most other intelligence agencies in the world,” Kelton explained. “U.S. intelligence has no mandate to steal industrial and trade secrets. China, their MSS [Ministry of State Security] and PLA [People’s Liberation Army], which is now the cyber support force, they have a mandate to steal U.S. industrial and trade secrets in addition to traditional espionage. And it manifests as an attack on the United States in virtually every system, device and organization that has intellectual property worth stealing or secrets worth stealing.”
Kelton noted that this has not always been the case with China. Through the late 1990s and the early 2000s, the Chinese government had a more conservative stance, as its goal was seeking regime preservation and stopping dissidents. They did not engage in high-risk espionage activities. “It was the 1,000 grains of sand approach, using legal travelers, diplomats and researchers to collect information in the course of their normal business when visiting the United States and take it home to China,” he said. “But of course cyber was in its infancy then.”
That environment changes in the later part of the decade when China becomes more aggressive, reflecting the change in the nation state’s goals to assert Chinese power abroad, which gets manifested in their espionage activities, Kelton noted.
He characterizes current Chinese cyber attacks as a broad sword. They take what they can, first attacking cyber weaknesses and doing it from a distance. If they can’t get what they want that way, then they resort to recruiting people and running spies inside companies or organizations to help steal that information.
As such, when considering protections, U.S. companies or the government need a layered defense that handles both cyber weaknesses and insider threats. “You can’t decouple cyber threats from insider threats, you just can’t,” Kelton implored.
Cunningham, a former chief cryptologist with the U.S. Navy, observed that the old perimeter-based model of cybersecurity with firewalls has categorically failed to protect from cyber attacks, as well as intellectual property theft, he said, and it has failed for 30 years.
“[Inadvertently], we have categorically built infrastructure to enable espionage,” Cunningham noted. “If you at look at how we have architected enterprises over the last 30 to 40 years, we’ve built in the human of emotion of trust in the networks. And now, when you are in, you are in, and you can do what you want. What we are working very heavily towards is the new infrastructure construct of zero trust, where we don’t allow those things to occur. You build the infrastructure much more granularly, focusing on the internal [infrastructure] to the external [infrastructure].”
He now counsels clients to surmise that their network is already owned by cyber attackers, and then build up from that assumption. “In war, and this is from someone who has been in war, you win by taking very small pieces of ground back, then working your way to take over the battlefield,” the principle analyst said. “You don’t walk in and own the battlefield, which is kind of what we thought we had in cyberspace. Instead, you want to leverage new technologies for the purposes for which they were intended: to be virtual, to be dynamic, to be focused, and dial in on what we can control.”
Nowadays, companies and the government should employ more advanced network protections, such as micro-segmentation, “and really providing a challenge to would-be hackers in the network,” said Berg. “The landscape has changed,” he said. “At one point in time, you had pretty static networks in government. You had various points on entry on your network that you monitored tightly. But now data is everywhere, and it becomes less about the perimeter and the threats to the perimeter, and more about the important things that you are trying to protect, your critical data and your people.”
In addition, Cunningham advised that companies and employees should be comfortable with continuous network monitoring. Corporations should not shy away from monitoring their network users. In the federal government, monitoring computer users is already mandated. “If you want to continue to want to have a business in the 21st century, it is a requirement that I need to know what you are doing on my network,” he stated.
The challenge for the private sector is trying to decide what to protect, Kelton added.
