Hard work, sweat-equity, and tenacity have historically been the underpinnings of entrepreneurship. However, there is a business model that has been supplanting these age-old tenants. The epoch of home-grown inventiveness has regrettably been superseded by an era where replication, fraud, and misappropriation are exponentially more financially lucrative. This is particularly evidenced by the fact that the costs of misappropriating proprietary data, to include Intellectual Property Rights (IPR), are practically nonexistent, and a sense that the IP playing field is somehow leveled for developing countries through theft.
The director of the National Security Agency (NSA), U.S. Army General Keith B. Alexander is extensively quoted as saying cybercrime is “the greatest transfer of wealth in history.”
As chilling as this statement is, consider the further-ranging implications when taken against the impact on our national security posture, particularly as related to strategic U.S. industry market share and profitability.
“The individual stories are infuriating. In one recent instance, a foreigncompany counterfeited a high-tech product it had been purchasing from a U.S. manufacturer. The customer then became the U.S. company’s largest competitor, devastating its sales and causing its share price to plummet 90 percent within six months (the company was American Superconductor and the product was wind turban technology).”1
Estimates range to highly-leveraged IP businesses comprising 20% of all U.S jobs. That’s a formula for catastrophe when taken against cyber theft. This type of theft involves the misappropriation of ideas and material safeguarded by a country’s patents, copyrights, and trademark laws.
There is ample evidence to wag a finger at China as the leading culprit in the direct theft of, or even the subsidizing of, cyber espionage.
There are “…four major reasons why China…steal(s) IP from the U.S. and Europe (1)…there is the desire or need to catch up on technologies (2)…the influence of communism…has not contributed to a history of strong Intellectual Property rights in China. (3)…need to keep the communist party on top and with some semblance of legitimacy (4)…Chinese are afraid that they are physically and mentally incapable of developing their own technology”1
All but the last reason seem plausible enough. Number 4 may have been true historically; however, continuing to assume this as a given today would undoubtedly lead to seriously flawed strategy should “The Big One” ever ensue.
It may be difficult for Westerners to comprehend, but China’s national industrial policy goals encourage the theft of intellectual property. Perhaps easier said than done, to dampen the recidivism of IP theft will in the end require making it unprofitable – an extremely daunting task.
The “U.S. International Trade Commission said that if China improved their IP protection laws to be similar to the U.S., we (the U.S.) would see an increase of $107 billion in sales and 2.1 million jobs.”1 Assuming this was true; it is truly amazing that one nation-state can have such a strangle-hold on another, without even sticking a gun into the victim country’s ribs. This is particularly so, since the state being aggrieved is in essence being held hostage due to not wanting to potentially upset the others’ economic apple cart (read vulnerability to collapse). Specifically, to manipulate one of the world’s most robust economies would upset the equilibrium of the financial status quo, in turn potentially contributing to the world economic balance being thrown into a tailspin. To further exacerbate the situation, and to stymie remediation, many organizations are reluctant to admit compromise due to it potentially detracting from future sales and, perhaps even more importantly, the negative effect on corporate brand.
At this point, the U.S. might also be well-advised to employ strategies outside the bun. For example, since U.S. universities educate a significant number of students from cyber-offending countries, many of those students (unless susceptible to some type of coercive action at home) could well be incentivized to remain in the U.S. after completing their studies. This could take the form of tuition assistance, employment assistance, favorable visa determinations, and the like. This opposed to their returning to their homeland and risking them utilizing their new-found knowledge to compromise our IP – or even more devastatingly, to promulgate sabotage.
“DHS is poised to release a report on incentives for adopting the (cybersecurity standardization) framework….”2 A remaining flaw, however, is that industry acceptance will be voluntary. It will likely require more cyber-pain to be inflicted upon corporate America until, for National Security reasons, these regulations will become mandatory.
It’s interesting to note that the authors of the Blair-Huntsman IP Commission report name “…actors in China as responsible for ‘between 50% and 80% of the problem’…commissioners explicitly do not recommend legalizing aggressive cyber-attacks in retaliation for incursions”3
Although “hack-back” is currently discouraged due to the absence of legal precedent and codification, organizations must approach their security from the standpoint of the intruder vs. simply those protecting an environment; this can best take form with counterintelligence at its nexus.
To demonstrate the severity of the problem, industry yearly IP loss estimates range from $300B and beyond (approaching 2% of GDP). This is particularly true of those companies targeting and/or collaborating with international markets. Add to this the widely reported and alarming fact that at least 1 million American workers are estimated to be idle due to the enormity of yearly IP theft.
Even though potentially difficult to orchestrate, it has been recommended that the U.S. restrict its Financial System from those foreign entities that repeatedly steal IP from U.S. companies; thereby ratcheting up the pain factor on international companies wanting to invest in and/or request access to U.S. stock exchanges. “Some argue that keeping firms listed in the U.S. could help pressure them to engage in more internationally trusted accounting practices”3, and, by inference, decrease the amount to cyber theft.
Pie-in-the-sky? Only time will tell; and who knows, the situation may even escalate to a point where hack-back becomes the norm (perhaps even incorporating elements of standoff military strike) making the costs, both financially and/or personally, so prohibitive that most “combatants” will be priced out of the cyber-theft marketplace altogether.
1Protecting U.S. intellectual property rights; By: Dennis Blair and Jon Huntsman Jr., May 21, 2013 – http://articles.washingtonpost.com/2013-05-21/opinions/39419359_1_protecting-u-s-u-s-pacific-command-china
2Lawyers targeted as ‘weak link’ in cybersecurity network; By: Rick Weber, Inside Cybersecurity, August 5, 2013 – http://insidecybersecurity.com/Cyber-Daily-News/Daily-News/lawyers-targeted-as-weak-link-in-cybersecurity-network/menu-id-1075.html
3Evaluating 3 key recommendations of the Blair-Huntsman IP Commission report; By: Graham Webster, Transpacifica, May 23, 2013 – http://transpacifica.net/2013/05/23/evaluating-3-key-recommendations-of-the-blair-huntsman-ip-commission-report/