Foreign spies, including U.S. “allies and partners,” are stealing the nation’s vital industrial and commercial secrets by infiltrating computer networks, according to a report from the top U.S. spy catcher.
“Some U.S. allies and partners use their broad access to U.S. institutions to acquire sensitive U.S. economic and technology information,” states the report from the National Counterintelligence Executive (NCIX).
Such nations carry out cyberespionage and traditional spying, “often taking advantage of the access they enjoy as allies or partners,” adds the 31-page report, “Some of these states have advanced cyber capabilities.”
“The French and the Israelis are among those [allies] who have done this,” said Joel F. Brenner, President Obama’s head of NCIX, citing material cleared for publication in a book he wrote after leaving government in 2009.
Thursday’s report, which NCIX produces every two years for Congress, does not identify any of the allies involved; but in a break from tradition, it made broad statements about Russia and China, the nations behind the most aggressive economic spying.
“Russia’s intelligence services are conducting a range of activities to collect economic information and technology from U.S. targets,” it says.
“It was a good decision” to name names, said Michelle Van Cleave, who headed NCIX under former President George W. Bush.
“It was always frustrating to the counter-intelligence community” that they were not allowed to publicly say “anything that could cause diplomatic problems with the Chinese or for that matter the Russians,” she said. She called the change of policy “refreshing.”
“The candor is extraordinary and very unusual,” added Mr. Brenner.
He said that with so many public accusations against China from private-sector victims of their economic espionage, the government would have “looked silly if it did not acknowledge” that the bulk of the attacks were coming from Beijing.
China and Russia both routinely deny conducting economic espionage. A spokesman for the Chinese Embassy in Washington called the allegations “unwarranted” and “irresponsible.”
China is “firmly against … any form of unlawful cyber-intrusion activity,” Wang Baodong said in a brief interview.
The NCIX report says private sector cybersecurity specialists “have reported an onslaught of computer-network intrusions that have originated in China.”
The authors stop short of blaming the Chinese government, saying U.S. intelligence agencies “cannot confirm who was responsible.”
“That is a rather disturbing admission,” said Ms. Van Cleave. “Why haven’t we made more aggressive efforts to identify the source and taken steps to stop it?”
The report says that cyberspying is already a larger threat in economic espionage than traditional means of intelligence collection.
“It is in the conjunction of cyber and traditional techniques that the real danger lies,” Ms. Van Cleave said.
Computer-security companies say billions of dollars worth of U.S. intellectual property and other trade secrets is stolen every year.
The NCIX report does not put a figure on the value of what is being stolen, but says the total U.S. spending on research and development, nearly $400 billion a year, is a reasonable proxy measure for the size of the target.
The report also says that there are new targets for industrial spying, like civilian technologies “in sectors likely to experience fast growth, such as clean energy and health care/pharmaceuticals.”
“That is new and worthy of attention,” said Mr. Brenner.