"It's very difficult to identify the extent of the risk," says Peter Toren, a former federal prosecutor in the Computer Crimes & Intellectual Property Section of the U.S. Department of Justice; Toren is now an IP and computer crimes expert with Weisbrod Matteis & Copley and author of Intellectual Property and Computer Crimes.
"In computer hacking, you really only learn about the successful hacks, and even then it's only the proverbial tip of the iceberg," Toren says. "Many companies are reluctant for a variety of reasons to report a breach."
"It's also very difficult, especially with China, to identify who's sponsoring the attacks," Toren adds. "In China, the line between the private enterprise and the state-owned enterprise can be very muddy and blurred. It's very difficult to distinguish between the two."
However, Toren notes that about 30 percent of the cases the U.S. government has brought under the Economic Espionage Act of 1996 have had some sort of Chinese connection. The first trial conviction under the act involved Dongfan Chung, a Chinese native working as an engineer at Boeing. Chung spent 30 years providing U.S. aerospace technologies to China, including details on the U.S. Space Shuttle Program and Delta IV rocket. He was sentenced to 16 years in prison in February 2010.
U.S., Allies Must Pressure China to Stop Cyber Espionage
"There is a rich history over the centuries of governments and militaries conducting espionage on each other to better understand each other's plans, intentions and capabilities," U.S. Rep. Mike Rogers, chairman of the House Intelligence Committee, said in the opening statement of a hearing on cyber threats in 2011.
"These espionage activities over the years, however, have largely been focused on collecting intelligence on foreign governments and militaries, not on brazen and wide-scale theft of intellectual property from foreign commercial competitors," he added. "You don't have to look far these days to find a press report about another firm, like Google, whose networks have been penetrated by Chinese cyber espionage and have lost valuable corporate intellectual property."
Rogers noted that many targets of these attacks won't talk about it in the press.
"When you talk to these companies behind closed doors, however, they describe attacks that originate in China and have a level of sophistication and are clearly supported by a level of resources that can only be a nation-state entity," Rogers said. "Attributing this espionage isn't easy, but talk to any private sector cyber analyst, and they will tell you there is little doubt that this is a massive campaign being conducted by the Chinese government."
"China's economic espionage has reached an intolerable level, and I believe that the United States and our allies in Europe and Asia have an obligation to confront Beijing and demand that they put a stop to this piracy," Rogers said. "Beijing is waging a massive trade war on us all, and we should band together to pressure them to stop. Combined, the United States and our allies in Europe and Asia have significant diplomatic and economic leverage over China, and we should use this to our advantage to put an end to this scourge."
Sign up for Computerworld eNewsletters.