Yesterday, C. Frank Figliuzzi, the head of the U.S. Federal Bureau of Investigation’s counterintelligence division, testified that based on the FBI's pending case load, "economic espionage losses to the American economy total more than $13 billion" and that the threat, which is coming from foreign governments, corporations, hackers and insiders, is growing. In his testimony to the Intelligence Subcommittee of the House Homeland Security Committee, he indicated that one primary cause has been the continuing global economic financial crisis.

Figliuzzi said that:

"With each year, foreign intelligence services and their collectors become more creative and more sophisticated in their methods to undermine American business and erode the one thing that most provides American business its leading edge; our ability to innovate..."

"What we're seeing is that foreign nations and their intelligence services are understanding more than ever before that it's cheaper to steal our technology than to use their budget resources in this time of economic crisis to develop it themselves."

Figliuzzi also told the Los Angeles Times that while the FBI and others are becoming better at identifying who is behind electronic espionage, there is still no consensus on what to do once a culprit is identified. "That's a big question," Figliuzzi was quoted as saying. Given previous history, it won't likely be answered anytime soon.

Of course, it doesn’t help matters when U.S. companies illegally sell banned software to foreign countries, like United Technologies admitted to doing. The software helped China develop its first modern attack helicopter, according to Reuters. United Technologies paid only a $75 million penalty for doing so, which is paltry considering that the company makes $58 billion a year and that it deliberately sold the software to gain economic favor with the Chinese government. The cost to the U.S. military is hard to quantify, but it is probably a lot higher than $75 million.

Another thing that doesn’t help is the IT security carelessness of employees. Even at the U.S. Department of Homeland Security, where employees really should know better, the Inspector General found that they routinely log onto DHS networks with unapproved electronics including e-readers, thumb drives, MP3 players, GPS units, external drives, etc., and regularly fail to encrypt sensitive information on their government-issued Android devices, according to Government Executive magazine. Gov Exec goes on to say that the DHS officials claim that "they have no way of stopping personnel from hooking up devices to their workstations" and that they try "to block the electronics from the network by distributing only government-procured devices and by educating employees not to use such [unauthorized] devices on government computers."

It doesn’t look like the IT security education is sticking very well.

Of course, the $13 billion figure for economic espionage given by Figliuzzi is only an educated guess since corporations are often loath to reveal that they have been hacked. That may change soon, if Sen. Jay Rockefeller, chairman of the Senate Commerce, Science and Transportation Committee, has his way.

As you may recall, last year the U.S. Securities and Exchange Commission (SEC) Division of Corporation Finance issued guidance "... regarding disclosure obligations relating to cybersecurity risks and cyber incidents." The SEC wants public companies to disclose the risk of cyber incidents if these issues are among the most significant factors that make an investment in the company speculative or risky.

However, the requirement isn’t mandatory, and there are enough loopholes in the guidance that most companies can safely ignore it. What Rockefeller wants, according to the Associated Press, is for the SEC to make it crystal clear when public companies must disclose breaches as well as tell investors what they are doing to keep cyber threats at bay. It is too soon to tell whether he will be successful, but I think it is a long overdue requirement.
