A HISTORY OF INDUSTRIAL ESPIONAGE: HOW CHINA KEEPS UP WITH THE UNITED STATES MILITARY
More than a Financial Concern
Industrial espionage isn’t always just a commercial threat. For organizations that are part of the Defense Industry Base (the supply chain of the Department of Defense), industrial espionage is a threat to national security.
The People’s Republic of China (PRC) has a long, fruitful history of stealing or illegally modifying technology from other nations. This includes the theft of military technology. From arms to vehicles to surveillance technology, the PRC has built a considerable amount of its military strength on the research and design of other global powers—predominately the United States and Russia (and what was formerly the Soviet Union).
Here are just a few examples of the PRC’s theft of military technology, including industrial espionage, illegal modification, and outright copying.
Military Jet Technology
In 1961, the USSR transferred MiG-21 materials and blueprints to China under the agreement that the material would not be copied. Shortly thereafter, China created the J-7, a near copy, which it began to sell in direct competition with the MiG-21.
In 1996, Russia agreed to sell China the rights and production information for another military jet—the Su-27 Flanker. However, in a case not dissimilar from that of the MiG-21, China violated the terms of the agreement. They began manufacturing what were essentially Su-27s, but with their own avionics installed, resulting in the J-11.
In 2012, China unveiled the J-31. This caught the immediate attention of the Unites States intelligence community, as the J-31 bears a striking resemblance to the United States’ own F-35. American analysts would eventually assert that the J-31 is the result of the PRC’s industrial espionage against the United States. Specifically, the designs are suspected to have been stolen during a confirmed breach discovered in 2009.
Unmanned Aerial Vehicles (UAVs)
As little as fifteen years ago, the PRC’s UAV technology was far behind that of the United States. However, China appears to have caught up suspiciously rapidly. The United States Intelligence Community attributes this to the hacking of US government agencies and associated private companies by PRC agents. This included the hacking of private companies involved in UAV production (targets within the Defense Industry Base). After attaining this stolen information, China was able to produce drones that bear a striking resemblance to US models.
Night Vision Technology
Since the Vietnam War, the United States military has worked to strengthen its night vision capabilities. Even seemingly small advancements in this field could make a significant operational difference. According to 2013’s Annual Report to Congress on Military and Security Developments Involving the People’s Republic of China, night vision technology is a high-priority area for the PRC’s “advanced technology acquisition strategy.” China has attempted to acquire this technology through both cyber-infiltration and through the illegal purchase of export-controlled technology. Unauthorized purchase of controlled technology is often carried out by private business contacts who then pass the technology on to the Chinese government and other associated groups.
Defense Against Information Theft
Although these instances all deal with China in particular, theft of military technology is perpetrated by a wide variety of antagonistic parties, and it’s not just something for the government to worry about. It is vital that non-government organizations within the Defense Industry Base defend themselves against these threats.
Information can be stolen by a complete stranger exploiting gaps in network or physical security, but it could also be stolen by an insider threat deliberately leaking information to outside parties or selling it on the black market. Bolstering barriers to intrusion is not enough. Organizations must also ensure that access to sensitive information is closely monitored, whether that access is carried out by an outside infiltrator or an insider threat. This can assist in assessing the extent of a breach, the parties responsible, and the best way to prevent further infiltration. The practice of having defenses all throughout your organization rather than only at the perimeter is often referred to as defense in depth; this is the key to limiting the number of incidents and their severity.
Over the years, the government has responded to these threats with regulatory actions like the implementation of a number of DFARS clauses and the gradual rollout of the Cybersecurity Maturity Model (CMMC), but it is ultimately up to each company that participates in the Defense Industry Base to ensure that sensitive information stays out of the hands of those who may put it to ill use. For more information about CMMC, DFARS or achieving certification for your business, contact Dox Electronics, a CMMC-AB Registered Provider Organization (RPO), at (585) 473-7766.