SAN FRANCISCO — The year 2019 was a “very bad year” for insider threats causing harm to the intellectual property of the private sector and the government, senior government security officials said Feb. 25.
Central to concerns is China, which for years has been infiltrating the networks of defense contractors and tech companies and stealing their technology, and how the country is now going beyond cyberattacks and increasingly relying on insiders to steal IP instead.
That’s a trend that the intelligence agencies inside the U.S. government have seen since former President Barack Obama and Chinese President Xi Jinping agreed to halt the theft of IP, a deal that hasn’t been entirely successful and pushed the Chinese to steal IP outside of the cyber realm.
“What we ... saw since that understanding is the [Chinese] intelligence services becoming involved in developing and expanding the insider threat, which wasn’t, strictly speaking, covered by the understanding, but obviously covered by the spirit of the understanding,” said John Demers, assistant attorney general for national security, speaking at the the RSA Conference.
According to Demers, the Department of Justice has seen cases where employees are directed by Chinese intel agencies to implant malware on a desktop to exfiltrate data back to China, as well as through the Thousand Talents program, in which employees are encouraged to steal IP and take it back to China, which Demers called a “serious problem” particularly for academia. In recent months, the DoJ has charged several Chinese nationals with ties to U.S. companies or universities with conspiracy to pass along trade secrets to China.
Each year, the United States loses up to $600 billion due to intellectual property theft, according to some estimates.
"At the end of the day the insider threat is the most vicious and pernicious threat that we face as a nation and private sector,” said Bill Evanina, director of the National Counterintelligence and Security Center.
To protect against insider threats, companies must include insider threats in their enterprise cybersecurity strategy. The plan must include be enterprisewide, including both the CEO and lowest-level employees.
“You have to identify what are the things that we make that other people want and then protect them,” Evanina said. “And that has to include bringing in human resources to the posture of securing what you do that’s awesome because every company makes something that others want.”