For whatever the motivation behind the timing, the US government has decided to very publicly accuse China and Russia, as well as some unamed "US Partners" of conducting "persistent", "extensive", "sophisticated" cyber and human intelligence spying and information collection operations against US government, commercial and academic interests.
The accusations are contained in a new report to the US Congress by US intelligence agencies titled (PDF), "Foreign Spies Stealing US Economic Secrets in Cyberspace." The report, which was released yesterday, was produced by the Office of the National Counterintelligence Executive with the inputs from some 13 mostly intelligence-related US government agencies and departments.
The report highlights China and Russia as the two main cyber bad actors, with some US allies and partners also involved:
"- Chinese actors are the world’s most active and persistent perpetrators of economic espionage. US private sector firms and cybersecurity specialists have reported an onslaught of computer network intrusions that have originated in China, but the IC cannot confirm who was responsible.
- Russia’s intelligence services are conducting a range of activities to collect economic information and technology from US targets.
- Some US allies and partners use their broad access to US institutions to acquire sensitive US economic and technology information, primarily through aggressive elicitation and other human intelligence (HUMINT) tactics. Some of these states have advanced cyber capabilities."
What is interesting is that while there are large sections on Chinese and Russian spying, there is not that much detail provided on the activities of US allies and partners.
The report goes on to list some of the primary targets of cyberspying:
"- Information and communications technology (ICT), which forms the backbone of nearly every other technology.
- Business information that pertains to supplies of scarce natural resources or that provides foreign actors an edge in negotiations with US businesses or the US Government.
- Military technologies, particularly marine systems, unmanned aerial vehicles (UAVs), and other aerospace/ aeronautic technologies.
- Civilian and dual-use technologies in sectors likely to experience fast growth, such as clean energy and healthcare/pharmaceuticals."
The report says that the, "losses of sensitive economic information and technologies to foreign entities represent significant costs to US national security," but can't put a dollar figure on the amount since:
"Estimates from academic literature on the losses from economic espionage range so widely as to be meaningless - from $2 billion to $400 billion or more a year - reflecting the scarcity of data and the variety of methods used to calculate losses."
China today called the report "irresponsible" according to Reuters, while Russia, has at least for now, apparently ignored it. I have no doubt, though, that similar reports from both countries are in the offing ready to accuse the US of the same if not worse cyber activities.
There are also a bunch of economic espionage posters the Office of the National Counterintelligence Executive has just released for those interested in plastering them up around your office cubicle or laptop.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.