UPDATE 2012-06-07:
- Grootste digitale dreiging door spionage en cybercriminaliteit (NCTB, 2012-06-07)
- Digital espionage in US, China & Russia a real and growing threat, (The Economic Times (India), 2012-02-12)
- Cyber Espionage to Surpass Terrorism (TV20 Detroit News, 2012-02-03)
- Digital Spies: The Alarming Rise of Electronic Espionage (Popular Mechanics, 2012-01-24)
- Digitale spionage steeds grotere bedreiging (Binnenlands Bestuur, 2011-12-24)
- Hidden Dragon: The Chinese cyber menace – ‘Any decent government does industrial espionage’ (el Reg, 2011-12-24)
- Eerste nationale cyberbeeld brengt problematiek digitale veiligheid in kaart (Rijksoverheid, 2011-12-23)
- Thoughts on 2011 ONCIX Report (Richard Bejtlich’s blog, 2011-11-23)
- Espionage: Protecting American Innovation in Cyberspace (InfosecIsland, 2011-11-23)
- China and Russia Lead in Stealing US Economic Secrets (V. Nishti’s blog, 2011-11-19)
- Cyber Spies Are Winning: Time To Reinvent Online Security (Forbes, 2011-11-18)
- Online Attacks and Espionage by Nation States (SecTor’11 keynote by Mikko Hypponen, 2011-10-20, 10MB .pdf)
- AIVD waarschuwt universiteiten voor spionage (Binnenlands Bestuur, 2011-08-17)
- Overheid onderschat digitale spionage (Binnenlands Bestuur, 2011-04-15)
- AIVD waarschuwt gemeenten voor spionage-mail (Binnenlands Bestuur, 2010-04-20)
- AIVD waarschuwt ambtenaren voor spionage (Binnenlands Bestuur, 2008-11-13)
====== START OF ORIGINAL BLOGPOST FROM 2011-11-17 ======
In October 2011, the U.S. Office of the National Counterintelligence Executive (ONCIX) published the Report to Congress on Foreign Economic Collection and Industrial Espionage 2009-2011 (.pdf). Earlier, Dutch intelligence service AIVD published an analysis of vulnerability to espionage (.pdf). I cite the Executive Summary of both reports below, intending to give these publications a little extra exposure.
1/2. U.S.-NCIX: “Report to Congress on Foreign Economic Collection and Industrial Espionage 2009-2011”
Executive Summary
Foreign economic collection and industrial espionage against the United States represent significant and growing threats to the nation’s prosperity and security. Cyberspace—where most business activity and development of new ideas now takes place—amplifies these threats by making it possible for malicious actors, whether they are corrupted insiders or foreign intelligence services (FIS), to quickly steal and transfer massive quantities of data while remaining anonymous and hard to detect.
US Technologies and Trade Secrets at Risk in Cyberspace
Foreign collectors of sensitive economic information are able to operate in cyberspace with relatively little risk of detection by their private sector targets. The proliferation of malicious software, prevalence of cyber tool sharing, use of hackers as proxies, and routing of operations through third countries make it difficult to attribute responsibility for computer network intrusions. Cyber tools have enhanced the economic espionage threat, and the Intelligence Community (IC) judges the use of such tools is already a larger threat than more traditional espionage methods.
Economic espionage inflicts costs on companies that range from loss of unique intellectual property to outlays for remediation, but no reliable estimates of the monetary value of these costs exist. Many companies are unaware when their sensitive data is pilfered, and those that find out are often reluctant to report the loss, fearing potential damage to their reputation with investors, customers, and employees. Moreover, victims of trade secret theft use different methods to estimate their losses; some base estimates on the actual costs of developing the stolen information, while others project the loss of future revenues and profits.
Pervasive Threat from Adversaries and Partners
Sensitive US economic information and technology are targeted by the intelligence services, private sector companies, academic and research institutions, and citizens of dozens of countries.
- Chinese actors are the world’s most active and persistent perpetrators of economic espionage. US private sector firms and cybersecurity specialists have reported an onslaught of computer network intrusions that have originated in China, but the IC cannot confirm who was responsible.
- Russia’s intelligence services are conducting a range of activities to collect economic information and technology from US targets.
- Some US allies and partners use their broad access to US institutions to acquire sensitive US economic and technology information, primarily through aggressive elicitation and other human intelligence (HUMINT) tactics. Some of these states have advanced cyber capabilities.
Outlook
Because the United States is a leader in the development of new technologies and a central player in global financial and trade networks, foreign attempts to collect US technological and economic information will continue at a high level and will represent a growing and persistent threat to US economic security. The nature of the cyber threat will evolve with continuing technological advances in the global information environment.
- Over the next several years, the proliferation of portable devices that connect to the Internet and other networks will continue to create new opportunities for malicious actors to conduct espionage. The trend in both commercial and government organizations toward the pooling of information processing and storage will present even greater challenges to preserving the security and integrity of sensitive information.
- The US workforce will experience a cultural shift that places greater value on access to information and less emphasis on privacy or data protection. At the same time, deepening globalization of economic activities will make national boundaries less of a deterrent to economic espionage than ever.
We judge that the governments of China and Russia will remain aggressive and capable collectors of sensitive US economic information and technologies, particularly in cyberspace.
The relative threat to sensitive US economic information and technologies from a number of countries may change in response to international economic and political developments. One or more fast-growing regional powers may judge that changes in its economic and political interests merit the risk of aggressive cyber and other espionage against US technologies and economic information.
Although foreign collectors will remain interested in all aspects of US economic activity and technology, we judge that the greatest interest may be in the following areas:
- Information and communications technology (ICT), which forms the backbone of nearly every other technology.
- Business information that pertains to supplies of scarce natural resources or that provides foreign actors an edge in negotiations with US businesses or the US Government.
- Military technologies, particularly marine systems, unmanned aerial vehicles (UAVs), and other aerospace/ aeronautic technologies.
- Civilian and dual-use technologies in sectors likely to experience fast growth, such as clean energy and health care/pharmaceuticals.
Cyberspace provides relatively small-scale actors an opportunity to become players in economic espionage. Under- resourced governments or corporations could build relationships with hackers to develop customized malware or remote-access exploits to steal sensitive US economic or technology information, just as certain FIS have already done.
- Similarly, political or social activists may use the tools of economic espionage against US companies, agencies, or other entities, with disgruntled insiders leaking information about corporate trade secrets or critical US technology to “hacktivist” groups like WikiLeaks.
2/2. Netherlands-AIVD: “Analysis of vulnerability to espionage”
Executive Summary
The Dutch Minister of the Interior and Kingdom Relations (BZK) acknowledges that economic, strategic, technical and scientific espionage form a current threat to Dutch national safety and security. To gain a deeper understanding of this threat, and in order to make recommendations for its further reduction, the General Intelligence and Security Service of the Netherlands (AIVD) and the Directorate General for Safety and Security (DGV) at the Ministry of BZK have jointly analysed the risks from espionage in the areas of economic welfare & scientific potential, public administration and critical infrastructure. In the process of conducting its counterespionage analyses, the AIVD has observed that a number of foreign intelligence services are actively gathering information in sectors within these areas of attention.Through various interviews and through use of available intelligence data from the AIVD, information and data were identified that would harm the Dutch national security if attained by foreign intelligence services/governments. Such data or collections of data are referred to in this report as core interests. The various ways in which core interests are vulnerable to espionage are referred to as vulnerabilities. These too have been analysed. As a result, the analysts concerned make a number of general recommendations based on the insights and conclusions described in this report. These recommendations point the way towards a follow-up policy trajectory under the umbrella of the Dutch national strategy of safety and security. In this follow-up policy trajectory the general recommendations will have to be made concrete and assigned to action owners.
Core interests
The analysis reveals that core interests can be found in all sectors investigated. These core interests can roughly be divided into the following categories:
- Datasets and blueprints: this relates to databases, designs and drawings in organisations;
- Positions and strategy: for example, policy premises, long-term philosophy and negotiating strategies;
- Emerging core interests and infrastructure: for example, scientific innovations that may be able to make important contributions to the Dutch economy in the future.
Vulnerabilities
The most important pretexts for espionage activities by foreign intelligence services can be categorised as ‘people’ and ‘technology’. Intelligence services try to obtain information relevant to them via people who have direct or indirect access to this information or by deploying technical devices in order to hack, tap or monitor. The various ways of intercepting telecommunications form a significant vulnerability in this context. The analysis also reveals that the increasing interconnectivity and complexity of computer systems and the linking of data storage systems increase vulnerability of sensitive data. Outsourcing activities such as system and server management, data warehousing and data processing likewise carry the risk of espionage.
Targeted policy in both the private and public sector can serve to strengthen resistance to espionage and make the core interests of the Netherlands more secure. The quality of this policy will determine the extent to which core interests are vulnerable to intelligence activities. The analysis shows that certain policy decisions have inadvertently increased vulnerability to espionage activities in a few sectors. The promotion of knowledge migration from and to the Netherlands, for instance, has had the undesirable side-effect of enabling intelligence officers to conceal themselves relatively easily among the student population.
Counteracting intelligence activities requires those who are at risk of being spied on to be aware of the fact that they may be interesting to foreign services. It also requires them that they are aware of how intelligence activities are carried out. The analysis shows that awareness of espionage in the sectors concerned is often low. This limited awareness is visible on three levels:
- Awareness of the value of information: organisations and individual workers sometimes fail to realise, or insufficiently realise, the value of the information they possess or to which they can obtain access;
- Awareness of security: the security and safety of core interests do not always command sufficient attention in organisations; other considerations often take priority in their policy;
- Weighing up interests: short-term organisational interests and/ or government interests are (often) given precedence over long-term interests. The defection of strategic knowledge or activity relevant for long-term Dutch national safety and security to other countries is given insufficient attention.
Recommendations
Based on these conclusions, three main recommendations are made for further strengthening resistance to espionage:
- Actively strengthen awareness among managers and workers in government, industry and institutions of the value of the information they have and of the possible interest foreign governments may have in this information.
- Work on changing the culture around security. In this respect users, the organisation of data flows and databases and the techniques used for detecting incidents are important focus areas.
- When formulating policy, pay explicit attention to protecting core interests and the effects of policy on the Netherlands’ interests in the longer term. These recommendations are illustrated in chapter 10 with a number of possible, more concrete prospects for action. It is not within the remit of the analysis to make such actions more concrete or assign them; this will have to be done by the policy departments concerned in a follow-up policy trajectory.
More resources for the Netherlands:
- Kamervragen door Van Raak (SP) over aanpak van cyberspionage + antwoorden door Opstelten en Hillen, april/mei 2011 (.pdf)
- AIVD Annual Report 2010 (.pdf, website)
- Fox-IT en TNO werken aan systeem voor het detecteren van digitale bedrijfsspionage (press release from TNO & Fox IT, 2011-11-01)
- Fox-IT en TNO bouwen systeem tegen cyberspionage (article on Webwereld, 2011-11-01)