We need to develop a collective consciousness for coping with the growing menace of cyber attacks, says Stanton Sloane.
News of cyber security attacks is becoming all too familiar. Recent reports propose how to combat sophisticated, custom-created malware designed to penetrate government and private industry computer networks, and steal national security secrets. This has raised overall awareness of the problem, but not as much attention has been placed on a key business concern: the theft of commercial intellectual property. We need to develop a collective consciousness for coping with the growing menace of cyber attacks, particularly given the economic and safety issues triggered when valuable intellectual property is the target. That's why advocating a public-private industry collaboration makes the most sense. The isolated efforts of individual nations, industry groups, or companies will be ineffective against 21st century intellectual property crime. This is a bigger problem. A few examples illustrate the point:
- According to the Office of the United States Trade Representative (USTR), intellectual property theft costs American corporations $250 billion every year. Among those affected are manufacturers, distributors, retailers, employees, artists, consumers, and governments.
- The costs of intellectual property theft are not solely economic; the public's health and safety is also affected. For instance, intellectual property thieves can make huge profits from selling cheap counterfeit versions of products, not only where safety and reliability are essential, but also when brand recognition is key to consumer confidence and loyalty. One example: counterfeit airplane parts played a role in at least 166 U.S.-based accidents or mishaps during a recent 20-year period.
- United States Customs and Border Protection estimates that 750,000 American jobs have been lost due to counterfeiting.
- The U.S. Chamber of Commerce Global Intellectual Property Center estimates that intellectual property in the United States is worth between $5 trillion and $5.5 trillion. It accounts for approximately half of U.S. exports with roughly 40 percent driving U.S. economic growth. The impact of intellectual property theft on the U.S. economy is irrefutable.
- Research from the non-profit U.S. Cyber Consequences Unit indicates that the destruction from a single wave of cyber attacks on critical infrastructure could exceed $700 billion, or the equivalent of 50 major hurricanes hitting U.S. soil at once.
Beyond the economic impacts, theft of intellectual property provides a significant advantage in learning curve for the thief. My hypothetical example would be the time involved in developing manufacturing techniques to produce advanced jet engine components. Theft of the processes, techniques, and tools required to produce these components instantly provides the thief with years of experience, and quickly levels the competitive landscape.
This is not a new problem. But when we move from the realm of music “pirates” or theft of soft drink formulations into organized, state-led thefts of critical technologies, the threat to national security increases exponentially, even though it is not a direct attack on our defense networks.
There is no simple solution to this problem. The first step, however, must be recognition of the scale and scope of the problem. It is underestimated today. Given the impact an average hacker can create with a simple virus, you can appreciate what a well-financed foreign government-sponsored intelligence organization can do to penetrate a commercial company's network and extract critical intellectual information. Simple virus detection software is not an adequate defense against that type of threat. It is a complex system engineering problem, one which requires a collective government-industry collaboration to counter.
There also needs to be consequences for nations that conduct these activities, or who fail to pursue and prosecute criminals operating within their borders. Granted, that is a hard problem to solve in an age of globalization where international relations are very sensitive, but the alternative is an accelerating shift of technology and financial power out of this country. While current political rhetoric makes us feel good about increasing the country's investment in research and technology, it is pointless to do so if it is just going to be pirated by our foreign adversaries. We are simply saving them the time and money of doing it themselves.
The time for action is now. A “Cyber Pearl Harbor” is in reality an “Economic Pearl Harbor.” The only difference is that the enemy has quietly opened all the underwater valves on the ships, instead of dropping torpedoes.
Dr. Stanton Sloane was appointed president and CEO of SRA International in April 2007.