Driven by the general ease of stealing electronically stored data and the reality of growing global businesses, US companies have lost some $13 billion through economic espionage in the current fiscal year - and the problem is growing.
Those observations were made this week by the FBI to a House Committee on Homeland Security, Subcommittee on Counterterrorism and Intelligence hearing that went on to add that as the FBI's economic espionage caseload is growing, so is the percentage of cases attributed to an insider threat, meaning that, individuals currently (or formerly) trusted as employees and contractors are a growing part of the problem.
FBI Assistant Director, Counterintelligence Division Frank Figliuzzi cited as an example, a February 2012 indictment, where several former employees with more than 70 combined years of service to the company were convinced to sell trade secrets to a competitor in the People's Republic of China (PRC).
"Entities owned by the PRC government sought information on the production of titanium dioxide, a white pigment used to color paper, plastics, and paint. The PRC government tried for years to compete with DuPont Corporation, which holds the largest share of a $12 billion annual market in titanium dioxide. Five individuals and five companies were commissioned by these PRC state-owned enterprises collaborate in an effort to take DuPont's technology to the PRC and build competing titanium dioxide plants, which would undercut DuPont revenues and business. Thus far, three co-conspirators have been arrested and one additional co-conspirator has pled guilty in federal court. This case is one of the largest economic espionage cases in FBI history," he stated.
"The theft of U.S. proprietary technology, including controlled dual-use technology and military grade equipment, from unwitting U.S. companies is one of the most dangerous threats to national security," John Woods, assistant director of national security investigations at U.S. Immigration and Customs Enforcement, who also testified.
The insider threat, of course, is not new Figliuzzi stated, but it's becoming more prevalent for a host of reasons, including:
- The pervasiveness of employee financial hardships during economic difficulties;
- The global economic crisis facing foreign nations, making it even more attractive, cost-effective, and worth the risk to steal technology rather than invest in research and development;
- The ease of stealing anything stored electronically, especially when one has legitimate access to it; and
- The increasing exposure to foreign intelligence services presented by the reality of global business, joint ventures, and the growing international footprint of American firms.
Figliuzzi said that another grave threat to our national security is the illegal transfer of US technology.
"The FBI is seeing an expansion of weapons proliferation cases involving US acquired components. These are components exported from American companies, initially headed to someplace they're allowed to be, but ultimately destined for someplace they should never be," he said.
The FBI's Counterproliferation Center (CPC), which identifies and disrupts networks of weapons of mass destruction (WMD) activity, is responsible for pursuing cases of illegal technology transfer, whether the technology is intended for WMDs or other uses. The CPC has tripled its disruptions of illegal transfers of technology since FY 2011.
"We have made more than a dozen arrests since the CPC's inception in July 2011, including the arrests of multiple subjects on the Central Intelligence Agency's Top Ten Proliferators List," Figliuzzi said.
The magnitude of the threat is compounded by the ever-increasing sophistication of cyber-attack techniques, such as attacks that may combine multiple techniques. Using these techniques, cyber thieves may target individuals and businesses, resulting in, among other things, loss of sensitive personal or proprietary information. Gregory Wilshusen, Director, Information Security Issues for the Government Accountability Office told the hearing.
"These concerns are highlighted by reports of cyber incidents that have had serious effects on consumers and businesses. These include the compromise of individuals' sensitive personal data such as credit- and debit-card information and the theft of businesses' IP and other proprietary information. While difficult to quantify monetarily, the loss of such information can result in identity theft; lower-quality counterfeit goods; lost sales or brand value to businesses; and lower overall economic growth and declining international trade," he said.
Layer 8 Extra
Check out these other hot stories: