By Pam Benson
For the first time, the United States is publicly accusing China and Russia of being the top offenders in the theft of U.S. economic and technology information, according to an intelligence report released Thursday.
The two countries are "trying to build their economies" on American research and development, said Robert Bryant, the National Counterintelligence Executive whose office wrote the report.
That office is responsible for mounting an integrated national counterintelligence battle against foreign intelligence threats to the United States, according to its website, and must compile such a report every two years.
An unclassified version of the report to Congress on Foreign Economic Collection and Industrial Espionage was released Thursday and focused primarily on the exploitation of cyberspace from 2009 to 2011.
"U.S. private sector firms and cybersecurity specialists have reported an onslaught of computer network intrusions that have originated in China," said the report.
It noted that analysts could not pinpoint specific responsibility for many of the intrusions, but Bryant said the source of the attacks could be government intelligence services, corporations or individuals.
The report was more specific about Russia.
"Russia's intelligence services are conducting a range of activities to collect economic information and technology from U.S. targets," it said.
"The nations of China and Russia, through their intelligence services and through their corporations, are attacking our research and development. That's a serious issue, because if we build their economies on our information, I don't think that is right," Bryant said at a news conference unveiling the report. He hoped that by pointing out the problem with the two nations, it will help spur solutions.
The latest intelligence community assessment comes on the heels of House Intelligence Committee Chairman Mike Rogers' harsh criticism of what he referred to as China's "predatory campaign" of stealing U.S. intellectual property. Last month, Rogers said the cyber attacks against the United States had reached "an intolerable level" and were harming U.S. national security.
In a statement released Thursday, Rogers said the report "once again underscores the need for America's allies across Asia and Europe to join forces to pressure Beijing to end this illegal behavior."
But foreign economic espionage against the United States isn't limited to China and Russia. The report indicates cyber attacks against America have come from dozens of other countries, but it doesn't name those nations.
The cost to both national security and private business is said to be considerable, but difficult to quantify. Bryant said American companies and the U.S. government produce approximately $400 billion of research and development each year. Depending on whose figures you go by, the losses each year range from $2 billion to as much as $400 billion - estimates that Bryant called "meaningless."
The report broadly states that if a hostile nation such as Iran or North Korea illegally obtains U.S. technology with military applications, it could endanger American lives.
The FBI has prosecuted a number of espionage cases involving private companies, in which the economic impact was cited. The report gives the example of the Valspar Corporation, where an employee downloaded proprietary paint formulas that he planned to take to a job in China. The theft was valued at $20 million, representing one-eighth of Valspar's annual profit.
Stratfor, a global intelligence analysis firm, has written extensively about recent Chinese espionage cases directed against the U.S.
Tackling the problem isn't easy. Sean Noonan, a tactical analyst for Stratfor, said private companies are often reluctant to report such attacks to the government. "It's a business issue for these companies. If it goes public, they've seen in the past that it could hurt them, hurt their business more and more," said Noonan.
He also noted the privacy issues that inevitably arise when the government is involved in cyber defense measures.
Another difficult issue is how much information the government can provide to private industries about cyber attacks without compromising secrets. Roger Kubarych, the national intelligence officer for economic issues with the National Intelligence Council, admitted it's a problem.
"There are going to be limits on how much information and expertise and knowledge the government and its expertise agencies can share with the private sector, but there's more available than there was," said Kubarych.
A senior U.S. intelligence official, who briefed journalists on the report on the condition of anonymity, said a public-private partnership is the key.
"There needs to be improved threat reporting by industry and there needs to be communication back by the government to industry as to best practices and how to prevent the theft of significant economic issues," the official said.
The outlook isn't particularly bright. According to the report, Russia and China will continue to lead the pack in attacking U.S. systems.
"We judge that the governments of China and Russia will remain aggressive and capable collectors of sensitive U.S. economic information and technologies, particularly in cyberspace," it said.
But the report also warns that changing economic and political developments around the world could lead other nations to steal U.S. economic secrets.
There's also the threat of disgruntled insiders within corporations or government agencies leaking sensitive information to activists, who publicly release the information, much like the dissemination of confidential State Department cables on the website WikiLeaks.