The US Office of the National Counterintelligence Executive (ONCIX) has published a report identifying China and Russia as pre-eminent users of industrial and economic espionage (IEE) committed over cyberspace against US public and private entities. ONCIX estimates that annual losses to US organizations from IEE may be as high as US $398 billion, or 2.8% of GDP. China is named as a “persistent collector” of sensitive information — 86% of cases litigated under the Economic Espionage Act 18 USC § 1831 in 2010 were linked to China, and several attacks on computer systems of Fortune 500 companies were launched from Chinese Internet Protocol (IP) addresses. Two examples of such attacks are VeriSign’s January 2010 identification of the Chinese government as the sponsor of intrusions into Google’s networks, and McAfee’s February 2011 attribution of the “Night Dragon” virus, used to steal data from several energy companies, to IP addresses originating in Beijing. The report also names Russia as a “persistent collector” for strategically leveraging its extensive and sophisticated intelligence capabilities against the US. In 2010, US authorities arrested ten Russian Foreign Intelligence (SVR) agents tasked with collecting economic and technological information. Entities in the following business areas have been identified in the report as particularly vulnerable to IEE attacks: information and communications technologies; scarce natural resources; military technologies; and technologies in rapidly growing sectors of the economy such as clean energy and health care/pharmaceuticals. The report calls on CEOs and Boards of Directors to thoroughly re-consider their IT strategies to manage the risk of IEE attacks by considering the following elements:
  • an “information transparency” strategy that determines how open or closed the company needs to be, based on the services provided;
  • an “insider threat” program and awareness of threats;
  • effective data management, including enhanced security of e-mail;
  • network security, auditing and monitoring; and
  • contingency planning.
For a link to the report, visit: http://tinyurl.com/638opk9. Summary by: Darren Hall

E-TIPS® ISSUE

11 11 16

Disclaimer: This Newsletter is intended to provide readers with general information on legal developments in the areas of e-commerce, information technology and intellectual property. It is not intended to be a complete statement of the law, nor is it intended to provide legal advice. No person should act or rely upon the information contained in this newsletter without seeking legal advice.

E-TIPS is a registered trade-mark of Deeth Williams Wall LLP.

By Editors
Deeth Williams Wall November 16, 2011 November 16, 2011 July 8, 2015
Cybersecurity