Testimony before the U.S. House of Representatives’ Homeland Security Committee painted a grim picture about the problem of cyber espionage against U.S. companies and interests.
Government and law enforcement experts testifying before the U.S. House of Representatives’ Homeland Security Committee’s Subcommittee on Counterterrorism and Intelligence on Thursday painted a grim picture about the problem of economic espionage against U.S. companies, and the role that cyber attacks play in that spying.
Computer enabled spying and espionage has increased the scope and abilities of countries and private interests that wish to illegally obtain U.S. technology, according to testimony by Gregory Wilshusen, Director of Information Security Services at the Government Accountability Office (GAO).
Recent reports of incidents of economic espionage suggest that cyber spying has already had “serious effects on consumers and businesses,” Wilshusen told the Homeland Security Committee. “These include the compromise of individuals’ sensitive personal data such as credit- and debit-card information and the theft of businesses’ IP and other proprietary information.”
While it is difficult to estimate the size of the problem, the consequences of cyber espionage include “identity theft; lower quality counterfeit goods; lost sales or brand value to businesses; and lower overall economic growth and declining international trade,” he warned.
Wilshusen was one of four witnesses to testify before the panel. The others, from the U.S. Patent and Trademark Office, the Department of Homeland Security and the FBI, spoke of the growing problems of intellectual property theft and illegal exports from the U.S. Wilshusen was the only panel member to speak directly to the issue of cyber espionage.
Despite having designated federal information security a high risk area fifteen years ago, GAO found that the threat of cyber attack and cyber espionage to the U.S. economy and critical infrastructure is still growing. The country’s ever-growing dependence on networked information technology systems has increased both the reach and impact of cyber espionage by “making it possible for hostile actors to quickly steal massive amounts of information while remaining anonymous and difficult to detect.”
The U.S. faces what the GAO described as an “evolving array” of cyber threats. They include business competitors, corrupt employees, criminal groups, hackers and foreign nations engaged in espionage and information warfare. Wilshusen said the U.S. government and private sector organizations needed to adopt security controls that reduce organizations’ vulnerability to attacks, including access control technologies, cryptography to protect sensitive data, configuration management and other tools.
Wilshusen’s testimony was echoed by that of C. Frank Figliuzzi, the Assistant Director of the Counterintelligence Division at the FBI, who told lawmakers that the FBI is investigating economic espionage cases responsible for $13 billion in losses to the U.S. economy. Arrests associated with economic espionage have doubled in the last four years. Malicious insiders are increasingly the source of these attacks, Figliuzzi said.
Acting Subcommittee Chairman Billy Long (R-MI) opened the hearing by underscoring the threat to U.S. jobs.
“My concern is that the (FBI’s $13 billion) is just the tip of the iceberg,” Long said. “Cyberspace provides small scale actors an opportunity to become big players in economic espionage,” he said.
Long singled out China and Russia as nations that have a national policy of using espionage to achieve strategic and economic goals.