Say computer security to someone with a computer technology degree and the person’s associations are likely to do with the mechanics of security: types of exploits, known vulnerabilities, human engineering issues, and devising security infrastructures that can withstand attack. But knowing how to protect what you have is only part of the battle. You also need to know what to protect.
The days when the biggest danger was from so-called script kiddies, criminal hackers, and even hactivist groups like Anonymous are over. Computer attacks have become a weapon of choice in geopolitical struggles as foreign parties become major threats to intellectual property and sensitive business data. According to the U.S. Office of the National Counterintelligence Executive, individuals and foreign intelligence services are using electronic attacks to steal economic secrets from the west.
Both China and Russia are major participants in cyber industrial espionage, according to the agency. However, even some U.S. allies “use their broad access to U.S. institutions to acquire sensitive U.S. economic and technology information, primarily through aggressive elicitation and other human intelligence tactics.” But these other countries often have advanced cyber capabilities as well. Economic espionage is nothing new. Talk to people who have done business extensively over the last 20 to 30 years and you’ll even hear stories of European countries trying to learn the plans of U.S. first to better compete with them.
What makes the new forms of economic espionage so much more dangerous is that they can quickly gain access to more material than would be possible through paper or gathering from individuals in the same amount of time. You might be tempted to say that it doesn’t matter: security is security. And from one standpoint, that is true. However, ultimately you don’t protect devices, networks, or servers. You protect information. The first step is to know what information is most at risk.
Instead of consumer identities and credit card numbers, those involved in espionage want data that encapsulates competitive advantages and economic value. That is to say, they want such things as trade secrets, processes, formulae, engineering diagrams, and design specifications. According to the Office of the National Counterintelligence Executive, the following are some of the areas of greatest interest:
- information and communications technology
- military technologies
- clean technologies
- advanced materials and manufacturing techniques
- healthcare and pharmaceutical research and formulae
- agriculture technology
Chances are that information falling into these areas resides on different servers and maybe entirely different networks than the consumer personal data and credit card numbers do. You can only make sure the right doors are locked if you’re checking the proper building. Know what hackers might want and it tells you where you need to beef up your protection.