Attempts by foreign governments, individuals and government-associated groups to steal intellectual property, state secrets and other sensitive data from U.S. companies and government agencies are ratcheting up and government officials say the threat has become especially “persistent, pervasive, and insidious” in the last couple of years. Much of the threat is coming from China and other countries in East Asia, and officials say they expect economic espionage activity from that region to continue to focus on the theft of IT, aerospace and military technologies.
The assessment of attacks targeting U.S. companies, defense contractors and government agencies comes from an annual report from the Defense Security Service, and the outlook is not optimistic. The report, which is based on data collected from companies doing classified work for the federal government, shows that attempts by attackers from around the world to illegally access confidential data increased by 75 percent in fiscal year 2011, compared with 2010. The volume of attempts from each specific region–East Asia and Pacific, Near East, Europe and Eurasia, South and Central Asia–remained relatively constant from year to year, but the overall number of reports from companies in the cleared industrial base jumped significantly.
Stanley L. Sims, the director of the DSS, said in the report that the scope and volume of the targeted economic espionage activity against the U.S. has gotten to a point where it’s infested virtually every nook and cranny of the defense industrial base.
“During fiscal year 2011, the persistent, pervasive, and insidious nature of that threat became particularly noteworthy, and the pattern became even more firmly established. Foreign collectors seek to elude the protective efforts of industry, DSS, the Intelligence Community, and law enforcement by concealing their activities behind various covers, such as third countries, front companies, and cyber identities,” Sims said in the DSS report.
“Increasingly, the result of all this foreign collection activity is like malignant plants with multiple interlocking roots and branches. These noxious weeds root in unexpected places, then send out shoots and tendrils that encroach through any crack or gap into the nurseries and gardens of our industrial base. We may pull out some parts of a plant by the roots and lop off the leaves of others, but the pervasive, penetrating weeds remain.”
Security experts, researchers and intelligence analysts have been warning about the threat from economic espionage for several years now, specifically pointing to attacks from China, Iran and other non-allied countries as a serious problem. Notable attacks against RSA, Lockheed Martin and other major companies have drawn a lot of attention, but, as the DSS report shows, there are hundreds more that never make their way into news reports.
One of the major targets for attackers from many countries is technology used in military and space programs. Specifically, attackers from East Asia and the Pacific have a keen interest in so-called “radiation-hardened” microelectronics. This includes memory and other components that have been hardened to withstand the effects of radiation that can occur in high-altitude flight, space operations and near nuclear reactions. The volume of attempts by foreign attackers to get such technology went up 17 percent in 2011, the report says, with East Asia and the Pacific accounting for 40 percent of those attempts.
“Based on reporting from cleared industry, it is likely that East Asia and the Pacific collectors have immediate needs for rad-hard microelectronics for various commercial and military programs. The lack of East Asia and the Pacific technical proficiency to design and manufacture space-worthy rad-hard microelectronics coupled with East Asia and the Pacific commercial entities’ specific requests for the technology from cleared industry likely signify that the microelectronics markets in East Asia and the Pacific are unable to meet the strategic goals of included countries.”
Much of the activity aimed at acquiring these technologies occurred offline, the report says, either through direct attempts to buy the technology or other means, such as academic solicitations. However, in general, countries in the East Asia and Pacific region used what the DSS calls “suspicious network activity” as one of its main methods of operation. Interestingly, a good deal of those attacks took a familiar form.
“Notably, almost all of the SNA reporting deemed to be of intelligence value resulted from spear phishing emails with malicious attachments received by cleared contractors,” the report says.
DSS analysts expressed serious concerns in the report about the continued attempts of foreign groups to establish supplier relationships with U.S. contractors. The issue of supply chain security has come to the forefront in recent months, as government officials have highlighted the risk of malicious components showing up in systems used by U.S. companies and government agencies. This is an issue the security community has been concerned with for years now, and the DSS report shows that the broader community is coming to the same realization.
“Integration of foreignmanufactured components into U.S. defense systems is a growing concern within the IC [intelligence community] and U.S. cleared industrial base,” the report says.
In the near future, the DSS expects that countries in East Asia and the Pacific will continue to be the main adversaries for U.S. government agencies and contractors.
“Entities from East Asia and the Pacific will almost certainly remain the most prolific in collection attempts reported by cleared industry. This region features contentious boundaries and encompasses economic rivals of the United States. The perceived need within this region for modern militaries combined with growing economies will very likely fuel the continued targeting of U.S. technologies as an efficient and effective method of abbreviating research and development of new and emerging technologies,” the report says.