NCSC warns industry, academia of foreign threats to their intellectual property

Russia and China continue to engage in IP theft to bolster their defense technology and economic standing, respectively. The National Counterintelligence and Security Center urges action.

CISOs of companies both small and large understand how intellectual property (IP) and company infrastructure may be targeted from one of four vectors: malevolent insiders, unscrupulous competitors, criminals, or nation states. While ransomware attacks emphasize how criminals monetize their ability to socially engineer individuals to click that link or attachment, nation states are quietly working to fleece the IP and gain foothold within targets of interest.  

The U.S. National Counterintelligence and Security Center (NCSC—an entity within the Office of the Director of National Intelligence) recently published a ten-page primer on the targeting of emerging U.S. technologies by these foreign threats. The primer cites artificial intelligence, the bioeconomy, autonomous systems, quantum information science and technology, and semiconductors as key sectors being targeted by foreign adversaries. But by no means are those the only sectors being targeted.

The NCSC first points their finger at both China and Russia, who view these sectors as a national security priority. China’s desire to globally dominate these sectors by 2030 is not a secret. Russia is focused on access to the technologies for its military industrial complex.

China IP theft focuses on academia and commerce

Central Intelligence Agency (CIA) Director William Burns recently announced the formation of the China Mission Center. Previous centers have been created in the past for counterterrorism and counterproliferation. Burns’s creation of the center focused on China is designed to have components of the CIA coordinate their work on China, who Burns describes as “the principal U.S. competitor.” The creation of the center also signals to industry how serious the U.S. intelligence community is taking its role to garner information on the capabilities, plans, and intentions of China, whose President Xi Jinping is driving to be the dominate global force.

At a recent cyber conference hosted by The Cipher Brief, Anna Puglisi, director of biotechnology programs at Georgetown University’s Center for Security and Emerging Technologies, noted how China’s focus on academia and commerce requires a pivot by the U.S. as “it's a very, very different threat than we had in the past."

Russia a threat to all entities

Russia may not be top-of-mind in the context of the IP theft discussion, yet it continues to be the focus of the U.S. government in what is being described as a “whole of government” approach to cybersecurity. CISA’s continued issuance of tutorials, playbooks, and advisories on the forms of malware (including ransomware) emerging from Russia should be mandatory reading by infosec teams. Similarly, the multilateral engagement to counter Russia’s unwillingness to clean its own house, signals to all entities how cybercrime is a global issue to address, and companies don’t get to opt out. They must be prepared for that day they fall into the target-sights of the foreign threat.

Burns recently visited Moscow and one of the issues raised was cyberattacks. He came with evidence, which he presented to high-ranking Russian security officials, that were intended to spur Russia into collaborative action.

China and Russia methodologies

The two nations may differ in technique and ultimate goals, but they are in full agreement that much of the information they desire sits within foreign public and private entities. The NSCS highlights the methods used by both China and Russia to acquire technology. The four vectors previously mentioned play host to these methods which NCSC categorizes as “legal, quasi-legal, and illegal methods.”

China and Russia’s quiver of arrows being used in their acquisition efforts include:

  • Intelligence services
  • Science and technology investments (China)
  • International scientific collaboration (Russia)
  • Academic collaboration
  • Joint ventures/business partnerships
  • Mergers and acquisitions
  • Foreign investment
  • Non-traditional collectors (including co-opted insiders)
  • Talent recruitment programs
  • Research partnerships
  • Front companies
  • Legal and regulatory actions
  • Government-to-government agreements

The annual counterintelligence and worldwide threat brief provided to Congress in April provided the backdrop for FBI Director Christopher Wray to comment how the FBI had over 2,000 investigations with a Chinese nexus open and was opening a new investigation “every ten hours.” While, Avril Haines, director of national intelligence, commented how the Chinese had substantial cyber capabilities and “if deployed, at a minimum can cause localized, temporary disruptions to critical infrastructure inside the United States."

CISOs’ hands are not tied

CISOs will be well served to assimilate the basic advice proffered by the NCSC on mitigating the foreign threat risks.

  • Be mindful of “foreign government-sponsored talent requirement plans.”
  • Take basic cyber-hygiene seriously.
  • Reign in social network usage, oversharing, and connecting with unknown persons.
  • Have in place a travel program based on the predicate that privacy does not exist and devices left unattended will be compromised.

Copyright © 2021 IDG Communications, Inc.

Microsoft's very bad year for security: A timeline