Foreign intelligence agencies, corporations and individual hackers increased their efforts to steal proprietary technology in between 2009 and 2011, the report said. Some of the thieves are allies — the Israelis and the French have targeted U.S. commercial secrets, former officials have noted.
“The computer networks of a broad array of U.S. government agencies, private companies, universities and other institutions — all holding large volumes of sensitive economic information — were targeted by cyber espionage,” the report said. “Much of this activity appears to have originated in China.”
Indeed, “the Russians are very quiet and very good” at cyber-espionage, said Joel F. Brenner, the former national counterintelligence executive whose new book, “America the Vulnerable,” discusses the threat. “But for relentlessness and sheer volume, the Chinese are in a class by themselves.”
The report comes as other U.S. officials have increasingly spoken out about the massive transfer of wealth taking place through computer networks.
“This is definitely the golden age of cyber-espionage,” said Steven Chabinsky, deputy assistant director of the FBI’s cyber division. “Foreign states are stealing data left and right from private-sector companies, nonprofit organizations and government agencies.”
Rep. Mike Rogers (R-Mich.), chairman of the House Intelligence Committee, recently accused China of “waging a massive trade war” on the United States and its allies that has reached “intolerable levels.” He has urged the United States to join with allies to apply diplomatic pressure on the Chinese to stop.
The head of the military’s U.S. Cyber Command, Gen. Keith Alexander, said one U.S. company recently lost $1 billion worth of intellectual property over the course of a couple of days.
Establishing the total dollar value of the data lost through cybertheft is so difficult as to be almost “meaningless,” Bryant said. Nonetheless, the report noted that the value of U.S. research and development is $400 billion. And credible estimates of the value of the data stolen generally range into the tens of billions of dollars annually.
A senior intelligence official, briefing reporters on the condition of anonymity, noted a few cases in which estimates were given in economic espionage prosecutions over the past six years: $100 million worth of insecticide research from Dow Chemical, $400 million worth of chemical formulas from DuPont, $600 million of proprietary data from Motorola, $20 million worth of paint formulas from Valspar.
Of seven insider theft cases prosecuted under the Economic Espionage Act in fiscal year 2010, six involved a link to China, the report said.
The threat is not just to the economy but also to national security, the report said. The illicit transfer of technology with military applications to a hostile state such as Iran or North Korea could endanger the lives of U.S. and allied military personnel.
To aid industry, intelligence officials are considering a proposal to share threat data with the private sector through a cyber version of the National Counterterrorism Center, which gathers and analyzes terrorism data from intelligence and law enforcement sources. Another model under consideration is a Pentagon project to help secure defense companies’ computers through the sharing of classified threat data with the firms that provide Internet service to the companies. Initial results are promising, officials said, and defense and homeland security officials are studying how they might expand it to other industries.
Where corporate America’s assets were once mostly tangible, today they are intangible — in the form of business plans, contract data, research and development, Bryant said.
“It’s time to have a national discussion” on how to protect that data, he said. “I’m tired of admiring the problem.”