We are under attack from both within and without
Two significant items appeared in the news recently. The first was the announcement that the US Department of Justice has charged four Chinese military hackers in the 2017 breach of Equifax. The second is the release of the new US National Counterintelligence Strategy for 2020.
Regarding the Equifax and other known breaches, US Attorney Bill Barr confirmed, “. . . our cases reveal a pattern of state-sponsored computer intrusions and thefts by China targeting trade secrets and intellectual property . . .”
William Evanina, Director of the National Counterintelligence and Security Center and author of the newly published counterintelligence strategy, notes that China and others “. . . are employing innovative combinations of traditional spying, economic espionage, and supply chain and cyber operations to gain access to critical infrastructure, and steal sensitive information, research, technology, and industrial secrets.”
The intersection of these two events is clear: we are under attack from both within and without. These threats are only increasing. In my direct experience, China combines technical methods and planted or recruited spies to penetrate and steal intellectual property. I uncovered multiple examples of Chinese scientists employed within public and private entities for the primary purpose of stealing intellectual property. Simultaneously, the same organizations were under cyber-attacks focused on stealing similar and other data. Only after creating coordinated counter threat staffs beyond the IT department were we successful in discovering the full extent of both human and technical collection activities.
Most organizations only look at the technical aspect of cyber security, ignoring the human factor, as evidenced by the placement of insider threat initiatives under IT departments. In order to successfully counter the totality of threats, however, four actions are necessary:
- Identify and prioritize crown jewels (personnel, operations, holdings, and data).
- Incorporate representatives from physical security, cyber security, counterintelligence, IT, HR, General Counsel, Privacy, Civil Liberties, and others under one “counter threat” umbrella that reports directly to the C-suite.
- Implement necessary policies, processes, and procedures with advocacy from the C-suite.
- Continuously train all employees in security policies and protocols.
All organizational policies, programs, processes, and supporting technology must be as agile as the security threat, so that they deliver appropriate outcomes and keep the crown jewels protected.