The Impact Of Economic Espionage

The US National Counterintelligence and Security Center (NCSC) has released its 2018 Foreign Economic Espionage in Cyberspace report, which highlights current threats and future trends in foreign intelligence efforts to steal US intellectual property, trade secrets, and proprietary information via cyberspace.

“Our goal in releasing this document is simple: to provide US industry and the public with the latest unclassified information on foreign efforts to steal US trade secrets through cyberspace,” said William R. Evanina, Director of the NCSC.

“Building an effective response to this tremendous challenge demands understanding economic espionage as a worldwide, multi-vector threat to the integrity of both the US economy and global trade.”

The report underscores the strategic threat of cyber economic espionage, noting that next generation technologies such as Artificial Intelligence and the Internet-of-Things offer great opportunities, but also introduce new vulnerabilities to US networks for which the cybersecurity community largely remains unprepared.

The report also provides insights into the most pervasive nation-state threat actors, including China, Russia and Iran, and recent examples of their economic espionage activities in the United States through cyberspace.

Despite advances in cybersecurity, the report notes that cyber espionage offers such actors a relatively low-cost, high-yield avenue to obtain a wide spectrum of US intellectual property.

The report also identifies those US industrial sectors and technologies that are of greatest interest to foreign threat actors, including energy, biotechnology, defense, environmental protection, high-end manufacturing, and information and communications technology.

In addition, the report highlights several emerging threats that warrant attention, including:

  • Software supply chain infiltration, which has already threatened the US critical infrastructure and is poised to threaten other sectors. According to the report, 2017 represented a watershed year for public reporting of such incidents.
    There were numerous events involving hackers targeting software supply chains with backdoors for cyber espionage, organisational disruption or demonstrable financial impact
  • Laws in foreign countries, such as those in China and Russia, that can pose an increased intellectual property risk to US companies doing business there.
    The report notes that China’s 2017 cyber-security law mandates that foreign companies submit their technology to the Chinese government for national security reviews; and that Russia has dramatically increased its demand of source code reviews, which are overseen by Russian intelligence, to approve of foreign technology sold in their country
  • Foreign technology firms that are subject to foreign state influence or have links to foreign governments with high-threat intelligence services.

Citing the examples of Kaspersky Lab and Netcracker Technology Corp., the report notes that such companies often provide services that require access to control points of computer networks they support, presenting opportunities for foreign nations to acquire sensitive information.

Office of the Director of US National Intelliegence

You Might Also Read: 

US Spy Chiefs Look For UK Guidance On Cybersecurity:

The US National Security Agency Is On The Ropes:

« Hackers Can Buy Tools To Attack Your Business For $40
Phishing Tools Used To Attack The Power Grid »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Certification Europe

Certification Europe

Certification Europe (now Amtivo Ireland) is an accredited certification body which provides ISO management system certification, including ISO 27001.

Avanan

Avanan

Avanan is The Cloud Security Platform. Protect all your SaaS applications using tools from over 60 industry-leading vendors in just one click.

Illumio

Illumio

Illumio delivers adaptive security for every computing environment, protecting the 80% of data center and cloud traffic missed by the perimeter.

mnemonic

mnemonic

mnemonic helps businesses manage their security risks, protect their data and defend against cyber threats.

Futurex

Futurex

Futurex is a globally recognized provider of enterprise-class data encryption solutions.

Quadrant Information Security

Quadrant Information Security

Quadrant Information Security is a consulting firm committed to supporting organizations in all vertical markets and protecting their sensitive data.

Dubai Electronic Security Center (DESC)

Dubai Electronic Security Center (DESC)

Dubai Electronic Security Center (DESC) was founded to develop and implement information security practices in Dubai.

miniOrange

miniOrange

miniOrange is a cloud and on-premise based identity and access management (IAM) solution provider.

Cellopoint

Cellopoint

Cellopoint is a leading manufacturer of information security and email lifecycle management (ELM) products.

Anglo African

Anglo African

Anglo African is an information technology firm providing end-to-end solutions to different industries, from IT Infrastructure to DataCom as well as Cloud & InfoSec services.

Militus

Militus

Militus provides the only information security service available that learns and analyzes your network over time using a custom-built network-based toolset.

Veridium

Veridium

Veridium is a leader in single step - multi factor biometric authentication, designed to safeguard enterprises’ most critical assets.

7layers

7layers

7layers has established itself as one of the world’s leading test house groups for mobile devices and the growing number of wireless devices, modules and chipsets.

Darktrace

Darktrace

Darktrace is a global leader in cybersecurity AI, delivering complete AI-powered solutions in its mission to free the world of cyber disruption.

63 Moons Technologies (63MT)

63 Moons Technologies (63MT)

63 Moons Technologies is a world leader in providing next-generation technology ventures, innovations, platforms, and solutions.

NOYB

NOYB

NOYB is a non-profit organization aiming to close the gap between privacy laws and the reality of corporate practice.