Industrial Espionage – Much Worse Than Credit Card Breaches
General Keith Alexander, former director of the National Security Agency, said that cyber espionage is the greatest transfer of wealth in history. In 2012 when he made that statement, the the value of cyber industrial espionage on an annual basis was $338 billion. Per year. 5 years later I am sure that number is greater.
Of course industrial espionage is not new. In the early 18th century John Lombe, a British silk spinner went to Italy to steal the technology of an Italian company. At night, by candlelight, he sketched drawings of the Italian company’s machines that he had managed to get a job working for. He returned to England with the stolen technology and built a better machine to compete with the Italians. Industrial espionage is not new.
What is new is the ease with which this can be done. With everything being connected, you can now steal secrets from half way around the world. And with cyber security practices at many businesses being a bit lax (there are a few industries for which this is not the case, but they are the exception), it is pretty easy to do. Even defense, which you think would be secure, is not. Lockheed lost the technology for the F-35 and now the Chinese make a knockoff and sell it at a fraction of the price.
Unlike credit card or personal information theft which is required to be disclosed, for the most part, stolen intellectual property is kept quiet. It is embarrassing and would likely make stockholders upset. What they don’t know won’t hurt them.
As the manufacturing process becomes more computerized, it is a huge leak opportunity. Traditional IT security solutions sometimes don’t work on the factory floor. Crooks know that and attack at that weak spot. In the absence of controls, detection and good processes, the crime will go undetected.
Fast forward a couple of centuries.
6 men in Houston were arrested for stealing technology for creating marine foam. China wanted to increase it’s marine business and this foam is used in building boats due to its special buoyancy.
The Chinese, like John Lombe above, spent years weaseling their way into the company in Houston that makes this. The crooks sent the info back to China who then had the gall to try and sell it back to the company they stole it from saying they could make it for less.
In the process of stealing the information they kept coming back to the insiders in the U.S. to get more information when their efforts at cloning the process was not working.
Now, except for one guy who is in China, they are all under arrest. BUT, the technology has already been stolen, so it is not clear how this company can get the genie back in the bottle. Not clear at all.
Supposedly, this information that was stolen was only known to about a half dozen employees in this company – it was the company’s crown jewels and now the cat is out of the bag.
The company considered buying the stuff from the Chinese knockoff IF the Chinese would give them an exclusive. SO, rather than go public and be outed, they proposed making a deal with the devil.
When the Chinese started offering this U.S. company’s technology to other companies in the U.S., the company called in the FBI. That started an investigation and, eventually, the arrest of these 6 engineers. FOUR years later.
Unfortunately, this is one of, likely, thousands of incidents. Stopping one will NOT stop the hackers. They just consider that an acceptable loss or collateral damage to the bigger game.
And American companies continue to ignore the warning signs (because, in many cases, there are no warning signs because the companies who got hacked keep the attack quiet).
Think about what happens to your company if you lose control of your intellectual property, whatever that is.
Information for this post came from IIoT World and the Houston Chronicle.