Friday, March 31, 2017

Economic Espionage: Declining, or just more stealthy?

by Taylor Armerding 
Eighteen months ago, President Obama and Chinese President Xi Jinping announced, with considerable fanfare, an agreement aimed at curbing economic espionage... 

So, with Xi due to meet with President Trump in early April, an obvious question is: Has the agreement been effective?...

The reviews on that are mixed...

Robert Silvers, writing on the Lawfare blog, called the statement “a landmark concession” by the Chinese, and said that in the months since, multiple researchers and analysts had concluded that the agreement “coincided with a significant downturn in Chinese hacking activity.”...

FireEye iSIGHT Intelligence concluded that while “unprecedented action by the US government” was a factor in the decline, it actually began in the middle of 2014 – more than a year before the Obama/Xi agreement...

John Quinn, former Far East specialist for the CIA, offered a more tempered view of the impact of the agreement. “I would characterize it as a work in progress, but a good start,” he said....

Israel Barak, CISO of Cybereason, said the conclusion that economic espionage has decreased is “problematic.” “Fewer attempts might mean they already have access,” he said. “The amount attributed to cyber crime in manufacturing, health care and other industries is constantly on the rise.”...

As Kevin Murray, director at Murray Associates, put it, “once someone starts closely watching the cookie jar, the thief is forced to become more crafty.”

Murray, however, contended that the private sector needs to be much more effective in protecting itself. He pointed CSO to a 2015 blog post in which he declared: “We fight like hell for our freedom, but we let the world pick our intellectual pockets.”

Murray said the “punish-the-spy” model isn’t enough – that corporations should be held accountable as well, for failure to protect their assets.

“We need a law creating business counterespionage security standards, with penalties for inadequate protection,” he said, arguing that the US already “successfully employs the same concept with medical and financial record privacy.”