FBI: Enterprises need counterintelligence

The Chinese government has denied involvement in a series of hacks carried out against IT systems at the Pentagon in June this week, but the threat of technology-driven espionage has forced the FBI to push businesses and academic institutions to better prepare for such attacks.

Little publicly-available evidence exists to prove that foreign governments have backed or planned to launch attempts to steal intellectual property from U.S. corporations and researchers, but officials with the FBI claim that the problem is real and that American organizations must begin policing their operations more aggressively today to prevent valuable data from being stolen tomorrow.

In October, the FBI's Counterintelligence Domain Program -- which aims to foster cooperation between the agency and private entities to help organizations identify and protect potential intelligence risks -- will mark its first year in existence.

The program is already making significant steps in helping to close the gap between businesses and law enforcement to defend intellectual property from being left vulnerable to potential theft, FBI officials maintain.

"In the past, we've always been reactive to this type of scenario and essentially showed up after the fact to bring resources to bear on this type of crime, but we want to be more proactive to help businesses and academic institutions protect themselves before an incident occurs," said Tom Mahlik, who serves as chief of the Domain program for the FBI.

"We've always responded aggressively to traditional espionage with investigation, such as with the theft of national secrets, but those cases really represent counterintelligence failures where the secrets are already in Beijing or Moscow and where valuable new technologies or intellectual property would already be gone," he said.

Counterintelligence efforts rank second on FBI Director Robert S. Mueller's current strategic agenda, sandwiched below counterterrorism work and above the fight against all forms of cyber-crime, according to Mahlik.

Thus far, the Domain project has materialized primarily in the form of relationships built between the leaders of the agency's 56 individual divisions and the leading corporate entities and research groups identified by those units as organizations that control data that criminals and governments could try to get their hands on.

For instance, companies handling sensitive government work -- such as defense contractors and large IT systems integrators -- have already joined in the effort, Mahlik said. The program will be expanded over time to pull more companies into the fold that are developing cutting-edge technologies and other products that are considered to give the U.S. a technological or business-related advantage.

Those relationships, and training seminars held by the FBI in the name of expanding Domain, are aimed at identifying any research, information, or technologies that might be targeted by U.S. adversaries -- and to establish an ongoing information exchange among the program's members to improve protections and reduce opportunities for theft.

As for the current state of involvement of foreign nation states, including large terrorist groups, in intellectual property theft, the FBI refuses to share specific examples or hard data, but Mahlik said there should be little doubt that the problem exists.